Melbourne Heart Group has advised that no patient’s privacy was compromised or breached in a recent ransomware attack.
Earlier this year, a syndicate hacked and scrambled around 15,000 electronic medical records at the specialist cardiology unit at the Cabrini Hospital premises in Melbourne.
In a statement, the company said its systems have been restored and confirmed that no records left its system.
“[Melbourne Heart Group] wishes to advise all our patients that the cybersecurity incident we experienced in late January has been resolved. The data has been decrypted and our systems have been restored,” the statement read.
“We would like to emphasise that patients’ privacy has not been compromised or breached. No information left our computer system – it was encrypted so that no one could see it, even ourselves.”
No further information about the case, such as where the malware was from, if a ransom payment was made or the exact number of affected records was revealed.
Cabrini Health Chief Executive Dr Michael Walsh also confirmed that the attack did not involve Cabrini records as data storage and other information systems in the specialist suite is owned and managed by Melbourne Heart Group.
“The cyber-security incident reported… occurred at the Melbourne Heart Group, a group of specialists who lease rooms at Cabrini Malvern. Data storage and other information systems in specialist suites are owned and managed by the specialists, not by Cabrini. The specialists are not employees of Cabrini,” he said.
“The protection of patient information is of the utmost importance and is a responsibility Cabrini takes very seriously. No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident and there has been no breach of hospital patient data."
[Read more: Medical records at Victorian hospital get hacked | Is your healthcare ecosystem cyber resilient enough?]
The Office of the Australian Information Commissioner (OAIC) recently identified, in its latest Notifiable Data Breaches Quarterly Statistics Report, that malicious and criminal attacks was the second largest source of data breaches from the health sector.
It also found that the health sector topped the list of notifiable data breaches for the fourth consecutive quarter.
With mega-breaches and hacking persisting as a top cybersecurity concern globally, the Therapeutic Goods Administration (TGA) recently released a draft regulation guidance on cybersecurity for medical devices, in line with the existing regulatory requirements.
It calls for a clear regulatory environment for connected medical solutions and identifies strategies to influence the approaches of those who use medical devices.
