A cutting-edge cybersecurity device designed to protect medical equipment from being controlled or knocked offline by hackers will be trialled in Victoria in a world-first pilot.

Melbourne’s Western Health will connect 400 of the Cyber-Nexus anti-hacking gadgets developed by Israeli firm Bio-Nexus to vulnerable medical devices to protect the IT infrastructure from infiltration and safeguard patient safety.

The six-month trial will secure medical equipment such as heart rate monitors and intravenous pumps, the state’s Minister for Health Jill Hennessy said.

“When Victorians find themselves in hospital the last thing we want them to have to worry about is technology breaking down due to cyber attacks. All we want them to worry about is getting better,” Hennessy said.

“This project is about using the latest technology to keep our hospitals safe from malicious threats from hackers.” 

The announcement comes as new research has found Australia is the world’s second most-frequent target of business email compromise attacks.

Despite its relatively small population, 27.4 per cent of BEC attacks observed during the first half of 2017 were aimed at Australian targets, with the US at the top of the list at 30.96 per cent, according to Trend Micro’s 2017 Midyear Security Roundup. The UK ranked third with 22.46 per cent of the attacks. Malicious hacking also surpassed accidental data or device loss as the leading cause of data breaches in the study.

Healthcare, in which disruption to services is potentially fatal, is attracting a plague of hacks, with research last year by the Ponemon Institute claiming 90 per cent of healthcare organisations had been targeted. It also said almost 45 per cent of all data breaches in the industry were due to criminal activity such as state espionage, ransomware and malicious insiders, or the theft of patient information, clinical research and pharmaceutical formulations.

Medical devices, many of which were designed without cybersecurity as a priority, are known for their vulnerability to attack. Last week the US Department of Homeland Security issued a warning about vulnerabilities in Medfusion's Syringe Infusion Pump, and two weeks ago the US Food and Drug Administration issued a recall of St John Medical’s implantable pacemakers (Australia’s Therapeutic Goods Administration issued a “safety alert”).

[See more: Risk of hacking leads to unprecedented pacemaker recall | Opinion: Cisco’s Richard Staynings -The game-changing path to an unprecedented pacemaker recall]

Weaknesses in system architecture and software leave many medical devices vulnerable to threats that could directly impact hospital network operations, data integrity or patient care. 

Last year, the Royal Melbourne Hospital was attacked by a virus that caused a major slowdown with staff forced to resort to manual processes. In May the UK’s NHS was crippled by the global WannaCry ransomware attack that brought down medical equipment and patient records.

Currently cyber breaches are voluntarily self-reported to the Australian Cyber Security Centre but in February 2018 the introduction of the mandatory data breach notification regime will place failures into the public domain with likely financial and reputational consequences.

The Victorian trial will connect a Cyber-Nexus device to individual medical devices such as blood refrigeration units, CT scanners, X-ray machines and insulin pumps. A physical shield between the medical device and the network, it also incorporates Wi-Fi WPA2-enterprise verification and ethernet and Wi-Fi support.

The $457,000 state government- funded trial is in addition to the $11 million earmarked in this year’s state budget to protect hospitals from cyber attacks. Victoria was also the first state to launch a cyber security strategy in May.




White papers