The country’s former cybersecurity chief Alastair MacGibbon said criminals with “no morality” would likely target individual health records, hospitals and even Australia’s vaccine delivery network.

Mr MacGibbon said offenders may also try to stir confusion about who has and has not received the jab.

His stark warning comes as attacks against healthcare organisations surged by 45 per cent in the past three months, and after successful ransomware attacks on Australian transport companies and hospitals.

Australians are expected to start receiving the COVID-19 vaccination late next month after the Therapeutic Goods Administration approved the Pfizer vaccine for those aged over 16 years.

But Mr MacGibbon, now CyberCX chief strategy officer, said foreign attackers and cyber criminals would try to disrupt the rollout and use it as an opportunity to prey on worried Australians.

“We have seen state-sponsored activities around the vaccine supply chain and I think we’re going to have an increased problem during the vaccine rollout,” he said.

“We already know nation states and criminals have been very active in trying to collect information on the COVID research side.

“We know criminals target health records for what they’re worth on the Dark Web — they’re worth a lot more than other records.

“COVID has created an opportunity for criminals and, inexplicably, crooks and nation states have no morality whatsoever so they don’t mind targeting hospitals with ransomware during a pandemic.”

Mr MacGibbon, who became Australia’s first national cybersecurity adviser in 2016, said determined criminals would zero in on hospitals and healthcare facilities in charge of delivering the vaccine, and could also seek to infect vulnerable parts of the vaccine’s supply chain with ransomware.

Both Australian hospitals and courier companies have suffered ransomware infections in the past, with successful attacks on the Toll Group in February and May last year, on TNT Express in 2017, and on a network of Victorian hospitals in 2019.

The regional hospitals were forced to delay surgeries and outpatient appointments.

“Imagine if criminals being able to hold to ransom whether or not you could deliver COVID vaccines?” he said. “Look at what happened with Toll when it suffered ransomware incidents.”

Mr MacGibbon also warned state and federal authorities should be “actively working on a solution” for recording and securing vaccination records, and a “digital vaccine passport” that Australians could use for travel and employment.

But Services Australia general manager Hank Jongen said the Government planned to use existing Medicare systems and the Australian Immunisation Register to record individual vaccinations, rather than introduce a new record or identification.

“This is not a new process for many Australians,” Mr Jongen said. “There are already a number of situations that require Australians to provide proof of vaccination, such as child care or school.”

Mr Jongen said the Medicare system would also receive “independent security testing and (updates) as technology changes and new challenges emerge”.

If not properly structured and secured, Mr MacGibbon warned, vaccination records could become the target of state-sponsored hackers seeking to create chaos and delays.

Globally, attacks against healthcare organisations have jumped 45 per cent since November last year, according to Check Point — more than double the increase in attacks against all industries.

Microsoft also reported state-sponsored hacking attempts against seven companies working on COVID-19 vaccines, including groups from Russian and North Korea.

Avast security expert Luis Corrons said individuals should also expect to see a “surge in online vaccination scams” over the next month, potentially promoted on social media sites, in an effort to steal their financial details.

“If people see vaccination offerings circulating on the internet, they need to keep in mind that the sale is likely too good to be true, as vaccinations should be distributed through official sources only,” Mr Corrons said.

More Coverage

New way to jump the COVID vaccination queue

Sue Dunlevy

Aus of the Year award betting scandal goes to crime watchdog

Ellen Whinnett, National Investigations Editor

Originally published as Australia’s vaccine rollout may be targeted by criminals, foreign spies, former security chief warns