An audit conducted by Australia’s Victorian Auditor General’s Office (VAGO), Andrew Greaves has found that the data related to Victoria’s Public Health System can easily be hacked due to issues related to weak physical security, password management, and other access controls.
“Our audit has discovered that the data related to the health services were vulnerable to hackers who could potentially steal it for malicious means or sell it on the dark web”, says the report conducted by Andrew Greaves.
As two of the state water boards lacked a strategic approach to mitigate cyber risks and since most of the government departments were practicing a poor security culture the risks associated to such practices were termed to be high on the threat scale.
Greaves revealed that his IT team could gain access to servers where most of the critical info was stored without much of a strain. Also, the team of researchers was able to get into restricted domains of admin and corporate offices of all the agencies which were a serious concern. And that was possible as most of them were using default account names and passwords set by the manufacturers.
Barwon Health, Royal Children’s Hospital, Royal Victorian Eye and Ear Hospital along with the departments of Digital Health Branch and Health Technology Solutions were found not be proactive when it came to the procedural follow of cyber hygiene.
Although the security posture of Government buildings and the Department of Health and Human Services along with the Department of Justice and Community Safety was termed to be adequate; its effectiveness was undermined by human error.
Mainly the flaw exists over lack of proper coordination of protective security or due to non-availability of leadership that guides through physical security policies and guidelines.
The VAGO’s review and recommendations were accepted by all the audited health services and the departments.