Patient data held by Victoria’s public health services could be easily hacked in a system riddled with weaknesses, an audit has found.
The state’s public health system is highly vulnerable to cyber attacks but staff awareness of data security is low with issues around physical security, password management and other access controls, Auditor-General Andrew Greaves said in a report.
“We exploited these weaknesses in all four audited agencies and accessed patient data to demonstrate the significant and present risk to the security of patient data and hospital services,” the report released on Wednesday said.
In two of the agencies, auditors managed to gain access to areas storing critical technology infrastructure, such as servers. And the auditors managed to get into restricted administration and corporate offices of all the agencies.
There is a poor security culture within government departments and the state’s water providers lack a strategic approach to managing cybersecurity risks, according to two more reports tabled by the auditor-general.
The auditor-general’s office checked out the security of government buildings, focusing on the Department of Health and Human Services and…
