Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - AU
The Guardian - AU
National
Benita Kolovos

St Vincent’s Health Australia says data stolen in cyber-attack

The exterior of St Vincent's Hospital in Sydney.
St Vincent’s Health Australia, which operates two major inner-city hospitals in Melbourne and Sydney, says an investigation into the cyber-attack, and what data was stolen, is ongoing. Photograph: Mick Tsikas/AAP

St Vincent’s – Australia’s largest not-for-profit health and aged care provider – has confirmed it has fallen victim to a cyber-attack and hackers have stolen some of its data.

In a statement, St Vincent’s Health Australia confirmed it began responding to a cybersecurity incident on Tuesday. It discovered late on Thursday that data had been stolen.

“St Vincent’s immediately took steps to contain the incident, engaged external security experts and notified all relevant state and federal governments and the necessary agencies,” it said on Friday.

“Late on Thursday 21 December, St Vincent’s found evidence that cybercriminals had removed some data from our network. St Vincent’s is working to determine what data has been removed.”

The health provider said the investigation was ongoing and included “working to secure its systems, understand what the cybercriminals have done and identify what data may have been accessed and stolen”.

“To date, this incident has not affected the ability of St Vincent’s to deliver the services our patients, residents and the broader community rely on across our hospital, aged care, and virtual and home health networks,” it said.

“Our priority is the health and safety of our patients, residents and our people, and the continuity of St Vincent’s services for the community.”

The acting national cyber security coordinator, Hamish Hansford, said work was being done with National Office of Cyber Security, Services Australia, the Department of Health and Aged Care, and relevant state and territory agencies “to ensure a coordinated government response to this incident and to mitigate any flow-on effects”.

“The Australian Signals Directorate’s Australian Cyber Security Centre is also working closely with St Vincent’s,” the coordinator said in a statement.

“St Vincent’s has taken immediate steps to contain the incident and is prioritising the health and safety of its patients and people and the continuity of services for the community.

“I know these incidents are distressing for those affected. We are focused on assisting St Vincent’s to consider and address impacts arising from this incident.”

St Vincent’s operates two major inner-city hospitals in Melbourne and Sydney, as well as 10 private hospitals and 26 aged care facilities. It employs about 30,000 people.

It is not the first major company to be hit by a cyber attack in recent years, with both Medibank and Optus also falling victim.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.