VICTORIAN public health services have been advised to address potential weaknesses in their hospital patients' data security.
It comes after the Victorian Auditor-General's Office found the state's public health system "highly vulnerable" to cyberattacks similar to those seen in England, Singapore, and at a Melbourne-based cardiology provider.
Fourteen recommendations arose from VAGO's audit, targeted at both the Department of Health and Human Services and Victorian public health services.
They included compulsory data security training for all staff at public health services.
Bendigo Health said it would review the report's recommendations.
"We currently meet all DHHS compliance requirements and have a cybersecurity manager," a spokesperson said.
"Bendigo Health takes the protection of our patients' data very seriously."
VAGO audited three health services: Barwon Health, the Royal Children's Hospital and the Royal Victorian Eye and Ear Hospital.
All of the audited health services were found to be vulnerable to cyberattacks.
The digital health and health technology solutions areas of the Department of Health and Human Services were also scrutinized.
VAGO said the DHHS digital health branch had filled an important gap in the sector by developing cybersecurity standards and acting as the central point for advice and support.
"While digital health has developed a clear roadmap to improve security across the sector, health services have not fully implemented the security measures necessary to protect patient data," it found.
The health technology solutions area of DHHS was among those that had not fully implemented the cyber security controls.
VAGO said HTS shared many of the same security weaknesses as health services.
"This is a risk to the sector because HTS hosts the clinical and patient administration applications used by 52 of the 85 Victorian health services," the report said.
There have been no breaches of patient data to date, despite some incidents in Victoria's public health sector in the past 12 months.
The department has accepted all VAGO's recommendations.
A spokesperson said DHHS would undertake further work to implement cybersecurity controls across the health sector.
"Safeguarding patient and clinical data is a top priority for the government," they said.
"Over four years, approximately $46 million in new money is allowing health services to upgrade computers and other vital equipment to strengthen reliability and cybersecurity."
The spokesperson said the investment program helped health services improve the information technology infrastructure underpinning areas such as patient bookings, medicines, diagnostics and patient care.
"The department's health service cyber security program is introducing systems to detect and block attempts to hack into health services," they said.
All but two of the 14 recommendations were understood to have been in progress either before the audit or since it started.
Have you signed up to the Bendigo Advertiser's daily newsletter and breaking news emails? You can register below and make sure you are up to date with everything that's happening in central Victoria.
Emma D'Agostino
Covering general news and Bendigo council.
Covering general news and Bendigo council.
