cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Monash Health caught up in ZircoDATA ransomware data breach

Domestic violence data exposed, as National Cyber Security Coordinator releases statement on ZircoDATA breach.

user icon David Hollingworth
Mon, 06 May 2024
Monash Health caught up in ZircoDATA ransomware data breach
expand image

Public healthcare provider Monash Health revealed late last week that its data had been exposed after record management firm ZircoDATA fell victim to the Black Basta ransomware gang in February.

ZircoDATA has handled secure document storage, cataloguing, and destruction for 9,000 customers, according to the company’s website.

Monash Health was one of them, and the healthcare company has revealed that sensitive personal data had been impacted by the hack.


“Monash Health is aware that ZircoDATA, a Victorian-based company we used to scan archived historical documents, has experienced a data breach,” Monash Health said in an update on its website. “We were recently informed that Monash Health data was involved in this breach.”

“Investigation analysis indicates that the Monash Health information involved in the ZircoDATA data breach relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital, and Southern Health, limited to the period from 1970 to 1993.”

Monash Health also added that its own systems were secure, and only historical data held by ZircoDATA has been impacted.

On the same day, the National Cyber Security Coordinator released its own statement on the incident.

“ZircoDATA first publicly advised it had been impacted by a cyber incident in late February. Today, one of its impacted clients, Monash Health, has disclosed it has been affected by the incident,” the coordinator, Lieutenant General Michelle McGuinness, said in a statement.

“It is the responsibility of ZircoDATA to notify impacted clients, and the National Office of Cyber Security has been supporting it to do so.

“My team has been engaged with ZircoDATA on understanding and addressing the incident’s impacts since mid-March. The National Office of Cyber Security has been assisting ZircoDATA in ascertaining the full extent of the compromise and supporting both the organisation and its affected government clients to identify impacted victims and to meet their obligations to notify them.”

LTGEN McGuinness said that investigating the full extent of the breach is taking some time and that ZircoDATA was still working to establish the full list of victims involved in the data breach. LTGEN McGuinness also said that several government entities have been impacted by the breach.

“The majority of these entities are still in the process of working with ZircoDATA to identify impacted data and any victims and are yet to begin notifying impacted individuals. There are clear processes for ZircoDATA and the affected government entities to work through,” LTGEN McGuinness said.

“The National Office of Cyber Security will continue to support affected government entities in working with ZircoDATA on the process of identifying victims and notifying them. The impact for most government entities is likely to be minimal.”

Black Basta listed ZircoDATA as one of its victims on 22 February, claiming to have 395 gigabytes of information. The gang listed a ransom deadline of 1 March and posted a swathe of scanned passports and other employee and customer data by way of proof.

“We are committed to protecting the information of all our valued customers, employees and stakeholders,” a ZircoDATA spokesperson said at the time.

“We understand this incident may have caused inconvenience or distress, and we want to assure you we are working to resolve it.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.