Victorian health services are highly vulnerable to cyberattacks and none have implemented the full set of 72 baseline cybersecurity controls introduced in March 2016, a Victorian Auditor-General's Office (VAGO) audit has found.

VAGO's external investigators were able to exploit key weaknesses in physical and logical security in four audited agencies and access patient data to demonstrate what it calls a “significant and present risk” to the security of data and hospital services.