Staff unable to access patient files after Eastern Health cyber attack
Staff at a major Melbourne health network are unable to access critical patient medical histories a fortnight after a ransomware attack that is also causing significant delays to elective surgeries.
Eastern Health, which operates Box Hill, Maroondah, Healesville and Angliss hospitals, was forced to shut down some of its IT systems following a widespread cyber attack that crippled its server on March 16.
Some surgeries at Box Hill Hospital have been postponed after a suspected cyber attack on Eastern Health.Credit:Eddie Jim
Almost two weeks on from the incident, staff are still unable to access internal emails and IT systems and have reverted to using pen and paper and whiteboards for some patient management.
But concerns are now mounting about patient safety, with the cyber attack hindering doctors from being able to access hospital systems to retrieve patients’ medical histories.
The adult son of Melbourne woman Mary Hayes attended the Box Hill hospital last week, he has diabetes and an acquired brain injury.
Ms Hayes said hospital staff treating him were unable to access his medical history and, due to his complex needs, he was unable to verbally communicate to the doctor and nurses treating him that he had a history of diabetes and was experiencing extreme pain from a sore toe.
“He left the hospital with high blood sugar due to his diabetes, but what they did not know was that he also had an infected toe,” Ms Hayes said.
She later took her son to a podiatrist to examine his sore toe and was told the infection had spread to the bone.
“It is looking like he will probably have his entire toe amputated this week, but if they had known earlier, it probably would have just been the tip of his toe that needed to be amputated,” Ms Hayes said.
“I have been at the Box Hill hospital with him and the staff are beside themselves because they have to handwrite everything with pen and paper. The doctors and nurses are so stressed and it is really distressing for them and for the patients and their families.”
Category one elective surgeries – for patients who enquire treatment within 30 days – have continued at the health service as planned, but category two and three surgeries for less serious medical procedures were postponed.
Category two surgeries are procedures that need to happen within 90 days and that cause pain or disability, but are unlikely to escalate to an emergency. This could be something like a standard heart valve replacement. Category three surgeries include procedures such as hysterectomies and hip and knee replacements.
An Eastern Health spokeswoman said on Monday the “criminal attack had caused significant disruption” to the health service, with many systems remaining offline.
To date, it does not appear that any private patient data has been accessed. The spokeswoman said some elective surgeries resumed as of Monday morning and the health service was now providing two-thirds of scheduled outpatient clinic appointments.
“Extensive work continues to be undertaken with the support of the state and federal governments alongside IT experts,” she said.
“Staff and patient safety remains our number one priority.”
“We sincerely apologise for the delay and inconvenience this situation is causing many of our staff patients and broader community.”
Ms Hayes said her son was booked in for surgery at Box Hill Hospital later this week, but she was worried about other patients like him, who had complex needs, and may not be able to verbalise their medical histories.
“My biggest concern is that there will be other people like my son who won’t be able to tell the doctors or nurses looking after them what the problem is and somebody could die,” she said.
An Eastern Health spokeswoman said despite the IT challenges posed by the cyber attack, the health service’s “business continuity plans ensured this patient’s care information was correctly managed.”
She added that Eastern Health had processes in place help with the care of all non-verbal patients, including making contact with appropriate support people.
The Eastern Health cyber attack came less than two weeks before Media giant Nine Entertainment Co was hit by a major cyber attack hit in the early hours of Sunday morning.
The Australian Parliament also continues to investigate a potential cyber attack in Canberra on Sunday evening affecting government-issued smartphones and tablets.
“This really is the new normal, what we are experiencing is how it is going to be into the future,” RMIT University cyber security professor Matthew Warren said.
“Part of the issue is the fact there isn’t one perpetrator behind these attacks. It could state-based actors, criminal gangs or hackers.”
In 2019, a spate of major Victorian health services fell victim to cyber hacks, with ransomware attacks causing chaos at Barwon Health, Gippsland Health Alliance and South West Alliance of Rural Health.
The same year, a sophisticated cyber crime syndicate also hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital and demanded a ransom.
“Hospitals are attractive targets, not just in Australia, but around the world because of the private data they hold,” Professor Warren said.
“Part of the problem with hospital is that with the money they have … the resources go into medical help as you would expect, so it means their IT systems don’t get the same level of funding or attention.”
Professor Warren predicted governments will soon play a far greater regulatory role in protecting industries, like healthcare systems, which are of national importance, from the threat of cyber security breaches.
Eastern Health has been contacted for further comment.
Most Viewed in National
From our partners
Source: Read Full Article