Cyber Incident Victim: Royal Melbourne Hospital
Date: Jan 2016
Location: Australia
Summary
A virus infection disrupted core computer systems and personal computers at Royal Melbourne Hospital, prompting IT staff and security consultants to work continuously to isolate the issue. The incident prevented access to patient pathology results, forcing lab staff to implement manual workarounds using paper records and faxes, though time-critical results were prioritized and delivered without significant delays. Patient safety remained the highest priority, with elective surgeries and outpatient appointments continuing normally, and no compromise of medical records was reported. The hospital stated it would investigate the virus's origin and entry method once systems were restored.
Description
A computer virus infected core computer systems and personal computers at the Royal Melbourne Hospital starting Friday afternoon, with the incident persisting through the weekend. The virus spread across hospital systems during this period, prompting Melbourne Health—the hospital's managing authority—to deploy IT staff and external security consultants working continuously to isolate the infection. By Tuesday, systems remained offline, though hospital representatives expressed hope for restoration by the end of that day. The disruption prevented staff from accessing digital patient pathology results, forcing laboratory personnel to implement manual workarounds involving paper-based records, phone communications, and fax transmissions. Professor Chris MacIsaac, head of the intensive care unit, confirmed these manual processes slowed operations but noted time-critical lab results received prioritization and continued to reach clinicians without life-threatening delays. The hospital maintained elective surgeries and outpatient appointments throughout the incident, asserting no compromise to patient medical record security or overall safety.

Melbourne Health initiated containment efforts immediately upon detecting the virus, focusing on isolating affected systems to prevent further propagation. While restoration work proceeded, the organization announced plans to investigate the virus's origin and infiltration method only after complete removal of the threat. No operational details regarding malware identification, network segmentation techniques, or forensic methodologies were disclosed publicly. The incident highlighted dependencies on digital infrastructure within Australian healthcare, with pathology workflows particularly impaired by the loss of electronic systems. Despite the disruption, hospital administration emphasized maintaining standard care protocols through analog contingency measures, avoiding cancellations of scheduled medical services. No data exfiltration, ransom demands, or secondary incidents were reported in connection with the event.
