This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Eastern Health

Summary

Eastern Health, one of Melbourne's largest public hospital networks, was hit by a cyber attack in March 2021 that forced the postponement of non-urgent elective surgeries and disrupted clinical systems. The ransomware attack affected IT infrastructure across multiple hospital campuses during the COVID-19 pandemic.

What Happened

Eastern Health detected a cyber security incident affecting its IT systems in mid-March 2021. The attack was identified as ransomware that encrypted systems and disrupted access to clinical and administrative networks.

Eastern Health operates major hospitals including Box Hill Hospital, Maroondah Hospital, and Angliss Hospital, serving communities in Melbourne's eastern suburbs. The cyber attack impacted IT systems across this network, forcing staff to implement contingency plans for patient care.

The timing was particularly challenging as Victorian hospitals were managing COVID-19 cases and maintaining vaccination programs alongside regular healthcare services.

Impact on Individuals

The ransomware attack created significant disruption to healthcare services:

  • Surgery postponements: Non-urgent elective surgeries were rescheduled while systems were restored
  • Clinical system access: Medical staff faced challenges accessing digital patient records
  • Service delays: Administrative and clinical workflows slowed by system outages
  • Data exposure risk: Ransomware attacks typically involve data theft before encryption

Patients scheduled for elective procedures faced uncertainty and delays in receiving planned healthcare. Healthcare workers had to adapt to manual processes and paper-based systems while IT infrastructure was recovered.

Organisational Response

Eastern Health immediately activated its cyber incident response procedures and engaged cybersecurity experts to investigate and remediate the attack. The organisation worked with the Victorian Department of Health, Australian Cyber Security Centre, and law enforcement agencies.

Clinical teams implemented business continuity plans to maintain essential patient care services while IT systems were offline. The organisation prioritised urgent and emergency care while postponing non-urgent procedures.

Eastern Health did not publicly confirm whether any ransom was paid to the attackers. The incident highlighted the critical importance of cybersecurity in healthcare, where system outages can directly impact patient care and safety.

Verification Source: View original statement