Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

St Vincent’s Health reveals data stolen in cyber attack

The aged and healthcare not-for-profit is investigating a cyber attack that impacted its systems this week.

user icon David Hollingworth
Fri, 22 Dec 2023
St Vincent’s Health reveals data stolen in cyber attack
expand image

Healthcare provider St Vincent’s Health has admitted to media that it fell victim to a cyber attack on 19 December, with the hackers having stolen some amount of data.

St Vincent’s Health told The Sydney Morning Herald about the incident, though as yet, there is no notice of the hack on the healthcare provider’s website.

“On Tuesday, 19 December 2023, St Vincent’s Health Australia began responding to a cyber security incident,” a St Vincent’s spokesman told the SMH.

============
============

“St Vincent’s immediately took steps to contain the incident, engaged external security experts, and notified all relevant state and federal governments and the necessary agencies.

“Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network.

“St Vincent’s is working to determine what data has been removed.”

According to the SMH, St Vincent’s has been in touch with federal and state authorities daily since the incident was discovered, and the provider is working closely with the Australian Cyber Security Centre.

“To date, this incident has not affected the ability of St Vincent’s to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks,” St Vincent’s said.

As of writing, none of the usual threat actors have taken responsibility, and the stolen data does not seem to have been posted online – as yet.

St Vincent’s Health operates public and private hospitals and aged-care homes in NSW, Victoria, and Queensland and has 22,000 employees.

The acting national cyber security coordinator, Hamish Hansford, has released a statement on the incident, saying that he and the National Office of Cyber Security are working with St Vincent’s.

“My team is working with Services Australia, the Department of Health and Aged Care, and relevant state and territory agencies to ensure a coordinated government response to this incident and to mitigate any flow-on effects,” the coordinator said in a statement on LinkedIn.

“The Australian Signals Directorate’s Australian Cyber Security Centre is also working closely with St Vincent’s.”

The coordinator added that St Vincent’s took immediate steps to “contain the incident” and is working on keeping services running.

“We’re advised that this incident has not affected the ability of St Vincent’s to deliver their important services to patients, residents, and the broader community across their hospital, aged care, and virtual and home health networks,” the coordinator said.

“I know these incidents are distressing for those affected. We are focused on assisting St Vincent’s to consider and address impacts arising from this incident.”

Cyber Daily has reached out to St Vincent’s for further information and was provided with the same statement given to the SMH.

We will update with further developments as they come to light.


Updated 22/12/23 to add further commentary from the National Cyber Security Coordinator.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.