Virus hits Melbourne hospital; Aussie hotels in Hyatt hack; Exetel to compensate customers

A virus last week infected the computer system of a large Melbourne health network, hindering the organisation’s ability to analyse blood, tissue and urine samples, according to news reports.

The Age reported on Monday that a virus had infected Windows XP computers at Melbourne Health.

SBS reported on Tuesday that the virus began to afflict core computer systems and personal computers at Royal Melbourne Hospital — which is a part of Melbourne Health — on the previous Friday afternoon.

According to The Age, Melbourne Health’s executive director nursing services and allied health sent an email to staff saying the virus had affected the health organisation’s pathology department, and that specimens like blood, tissue and urine samples were being processed manually as a result of the virus.

The email also told staff they should not log in to any password-protected sites like banking websites, Gmail or Facebook.

The Age quoted a Melbourne Health spokesperson as saying: “Patient safety has always been our highest priority and has been maintained... Elective surgeries and outpatient appointments are continuing as normal.

“We are working to fix this issue as quickly as possible. As soon as the virus has been removed, we will investigate how it came to infect Melbourne Health,” the spokesperson was quoted as saying.

On Tuesday the Royal Melbourne Hospital released a statement saying that Melbourne Health was “managing” the virus.

“While the virus has been disruptive to the organisation, due to the tireless work of staff we have been able to minimise this disruption to our patients and ensure patient safety has been maintained,” the statement said.

“As of 10 am [Tuesday] morning, many programs affected by the virus are up and running including pathology and pharmacy.”

Pulse IT reported on Wednesday that the malware that affected computers at Royal Melbourne Hospital is a new variant of the Qbot worm.

Aussie hotels affected in Hyatt hack

Hyatt Hotels has completed its investigation of a payment card incident that affected some of its establishments last year, revealing that several of its Australian locations were affected, and customers at those locations may have had their credit card details stolen.

“The investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015,” a statement from the company said.

However, the company noted that some of the at-risk cards “were used at spas, golf shops, parking, and a limited number of front desks, or provided to a sales office during this time period” and that the risk window for some locations “began on or shortly after July 30, 2015”.

The company said the malware was designed to collect payment card data — such as cardholder name, card number, expiration date and internal verification code — and that “[t]here is no indication that other customer information was affected”.

The company has more information — including a list of affected locations and their associated at-risk dates — at www.hyatt.com/protectingourcustomers.

According to that list, the Hyatt Hotel Canberra, the Grand Hyatt Melbourne, the Park Hyatt Melbourne, the Hyatt Regency Perth and the Park Hyatt Sydney were affected in the incident.

Exetel to compensate customers

Exetel will provide compensation to consumers that were affected by changes the company made to its fixed term residential broadband plans last year, the ACCC revealed this week.

According to the ACCC, Exetel last year told more than 2000 of its residential broadband customers they had to either change their broadband plan or terminate their service with the company.

“Exetel relied on a clause in its standard residential broadband agreement which provided that Exetel could vary any part of that agreement for any reason,” the ACCC said.

The ACCC investigated and came to the conclusion that “the clause was an unfair contract term which was likely to contravene the Australian Consumer Law”.

The ACCC also concluded that “Exetel’s advertising of these fixed-term plans was likely to be misleading because it represented that consumers would receive the service for the 12-month fixed term, when this was not necessarily the case”.

In response to the ACCC’s concerns, Exetel has agreed to:

• remove the clause from its residential broadband standard form of agreement;
• refund any additional monthly subscription costs incurred for the remainder of the fixed term by customers who changed to a new plan; and,
• refund any activation charge previously paid by customers who terminated their Exetel service rather than change to a new plan.

Image courtesy USN under CC