Major Cyberattack Targets Australia’s Largest Not-For-Profit Hospital Network
St Vincent’s Health Australia and authorities are investigating what data has been stolen during the incident.
Cybercriminals have managed to hack into the database of Australia’s largest not-for-profit health and aged care provider, forcing authorities to scramble to figure out the details of the incident.
On Dec. 22, St Vincent’s Health Australia, which operates 10 private hospitals and 26 aged-care facilities across New South Wales, Victoria, and Queensland, announced that it discovered a hack a few days earlier.
“On Tuesday, 19 December 2023, St Vincent’s Health Australia began responding to a cybersecurity incident,” the hospital network said in a statement.
“Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network.”
St Vincent’s Health said it had taken measures to isolate the data breach and inform relevant government departments.
The hospital network is now investigating the breach to find out what data had been stolen.
It is currently unclear whether the hackers had gained access to patients’ medical records.
At the same time, the hospital network assured the public that the hack had no impact on its normal operations.
“To date, this incident has not affected the ability of St Vincent’s to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks,” the statement read.
“Our priority is the health and safety of our patients, residents, and our people, and the continuity of St Vincent’s services for the community.
The Epoch Times has reached out to St Vincent’s for comment but did not receive a reply in time for publication.
Authorities Are Resolving the Hack
Following St Vincent’s announcement, National Cyber Security Coordinator Darren Goldie said his team is working to resolve the data breach.
“My team is working with Services Australia, the Department of Health and Aged Care, and relevant State and Territory agencies to ensure a coordinated government response to this incident and to mitigate any flow-on effects,” he said in a social media post.
“I know these incidents are distressing for those affected. We are focused on assisting St Vincent’s to consider and address impacts arising from this incident.”
During a press conference, Prime Minister Anthony Albanese said he was not informed of the hack but would get a briefing when appropriate.
“Cyber security is a major issue. The government has responded by having a cyber security minister, having a cyber security strategy that we announced recently,” he told reporters.
The data breach is the latest incident in a series of cyberattacks targeting large corporations and government agencies in Australia since September 2022.
In early November 2023, Australia’s second-largest port operator, DP World, suffered a cyberattack, forcing the company to suspend all operating activities.
While the company managed to resume operation a few days after the incident, it warned of further disruptions due to the hack’s impact.
The incident sparked fears about a massive supply chain disruption that could cause goods shortages across the country ahead of the Christmas holiday season.
Home Affairs and Cybersecurity Minister Clare O’Neil acknowledged that Australia was vulnerable to cyberattacks.
