Hackers stole data from St. Vincent’s Health’s network through a cyberattack, and the hospital and senior care provider are currently conducting an expeditious investigation into the event.
St. Vincent’s, the biggest nonprofit health and senior care provider in the country, reported that it learned about the attack on Tuesday and that it is still looking into what information was taken. Whether patient data was compromised in the hack is unknown.
According to a statement from a St. Vincent’s representative, “St. Vincent’s Health Australia began responding to a cybersecurity incident on Tuesday, 19 December 2023.”
“As soon as possible, St. Vincent’s acted to contain the incident, enlisting the help of outside security experts and informing pertinent state, federal, and agency authorities.
St. Vincent’s discovered evidence late on Thursday, December 21, indicating that hackers had deleted some data from our network.
“St. Vincent’s is investigating what information has been deleted.”
According to the spokesman, an investigation was still underway, and the business was trying to secure its systems, figure out what the cybercriminals had done, and find out what information might have been accessed and taken.
In addition to 26 aged care facilities, St. Vincent’s manages three public, ten private, and three combined hospitals in Queensland, Victoria, and New South Wales. Almost 30,000 people work for it nationwide.
The spokesman stated, “As of now, this incident has not impacted St. Vincent’s ability to provide the services our patients, residents, and the larger community rely on across our hospital, aged care, virtual, and home health networks.”
Our top priorities are the community’s continued access to St. Vincent’s services as well as the health and safety of our patients, residents, and people in general.
“We are grateful for the support we have received from the Australian government and our state government partners since we first informed them about the incident.”
We reached out to Minister of Cybersecurity Clare O’Neil for an answer. According to a source close to St Vincent’s, since the attack was discovered on Tuesday, the Australian Cyber Security Centre has been informed of the incident, and the federal and state governments have received daily briefings.
Also Some Months, the Australian Government unveiled the Cyber Security Strategy. St. Vincent’s Health Australia was closely collaborating with the Australian Signals Directorate’s Australian Cyber Security Centre, which declared that it was aware of a cyber incident.
The attack is the most recent data breach to affect a significant Australian business; in late 2022, cyber incidents affected Optus and Medibank, and last month, major port operator DP World Australia shut down its terminals due to a significant cybersecurity breach.
As part of a new seven-year strategy that includes mandatory reporting of ransomware attacks, health checks for small businesses, and increased funding for cyber law enforcement, the federal government announced that it would strengthen the nation’s cyber defenses in response to a recent spike in attacks.
O’Neil declared last month, “We cannot continue as we have.”
“We can’t have a situation where data is flying across the nation, where vital infrastructure is beginning to fail, where citizens and small businesses are constantly telling us they feel helpless and unable to handle cyber threats on their own.”
In the meantime, the Australian Cyber Security Centre reported in its most recent annual threat report that reports of cybercrime increased by 23% to over 94,000 in the fiscal year ending in June.
Data was stolen from the St. Vincent’s Health network
Data from one of Australia’s biggest not-for-profit hospitals and aged care operators has been stolen by hackers.
St. Vincent’s Health runs hospitals and aged care facilities in Victoria, New South Wales, and Queensland.
It claimed to have found evidence that late on Thursday, “some data” had been deleted from its system.
However, the organization said it could not confirm what kind of data had been taken or whether it contained private information about specific individuals.
St. Vincent’s was notified of a cyber breach for the first time on Tuesday, according to chief executive officer Chris Blake.
“Our response was immediate as soon as the cybercriminals were identified on our network,” stated Blake.
“We started the containment activities absolutely immediately so the work that has been going on day and night in the last couple of days has been first and foremost focused on containment so there hasn’t been any impact on our operational facilities.”
Mr. Blake reported that outside security specialists were consulted.
“Of course you prepare for these incidents, and we’ve been preparing regularly, and they were already on retainer with us and we were able to act very quickly,” he stated.
The ability of St. Vincent’s Health to provide services at its 20 aged care facilities, public and private hospitals, and through its virtual in-home care has not been impacted by the cyberattack, the organization said.
According to acting National Cyber Security Coordinator Hamish Hansford, the National Office of Cyber Security is collaborating with St. Vincent’s Health.
Since learning about the breach from St. Vincent’s Health, the Australian government, according to Mr. Hansford, has taken an active role.
“We’re working with St Vincent’s about what’s been stolen, what type of data, how much it is, and then what we can do next,” Mr. Hansford stated.
In contrast to earlier data breaches at Medibank and Optus, he claimed it looked like not much data was taken.
“Cyber criminals are every day targeting Australia and particularly Australian infrastructure and that is why we’ve seen one cyber incident reported every six minutes.”
In addition, relevant state and territory agencies, Services Australia, and the Department of Health and Aged Care were coordinating a coordinated response to the breach and minimizing any consequences.
The Victorian government is collaborating closely with St. Vincent’s Health Australia, according to a spokeswoman.
We are aware of a cyber security incident that occurred across several states at St. Vincent’s Health Australia.
“We are advised that a forensic analysis was immediately undertaken where it was identified some data had been removed from SVHA’s networks — more work is being done to ascertain the extent of the breach and we will remain in contact with the health service and Commonwealth during this time.”
The identity of the hacker is still being looked into.