Major Hospital Network Says No Sensitive Personal Data Stolen in December Hack


Cyber security experts said there was no evidence that identification documents was stolen from St Vincent’s database.

Australia’s largest not-for-profit health and aged care network has confirmed that it was unlikely hackers had stolen patients’ sensitive information following a data breach in December 2023.

On Jan. 25, St Vincent’s Health Australia announced the result of a month-long forensic investigation into the hack.

Experts from the cyber security firm CyberCX found there was no evidence that cybercriminals were able to retrieve sensitive personal information from the hospital network’s database.

“In particular, there is no evidence that any identification documents (driver’s licences, passports, Medicare cards), medical records or banking information have been stolen from our network,” St Vincent’s said in a statement.

“Monitoring activities have not detected evidence of any stolen data being posted on the dark web.”

St Vincent’s, which operates 10 private hospitals and 26 aged-care facilities across New South Wales, Victoria, and Queensland, suffered a data breach on Dec. 19.

Related Stories

Australia Imposes Sanctions on Russian for Medibank Cyber Attack
Hackers Attack Australia’s Largest Not-For-Profit Hospital Network

After the incident occurred, the hospital network quickly took measures to isolate the data breach and inform relevant government departments.

As the investigation progressed, CyberCX experts found 4.3 gigabytes worth of system, configuration data and network credential data were stolen from St Vincent’s database prior to Dec. 19.

“As part of our immediate response, we have been undertaking necessary system remediation activities [and] this includes enhancing our 24-hour, seven-day-a-week monitoring across our digital environment to detect and respond to suspicious activity,” the hospital network said.

St Vincent’s CEO Chris Blake also stated that he had informed Cyber Security Minister Clare O’Neil about the investigation’s findings and expressed gratitude to federal and state governments for their support.

“The early engagement and strong support provided by the federal government gave St Vincent’s the confidence to respond to this incident with both our partners and stakeholders but also with the public with transparency,” he said.

“Our partners in the NSW, Victorian, and Queensland departments of health have worked closely with us to ensure the on-going safe delivery of our mission to our patients and residents around Australia.”

St Vincent’s data breach is the latest incident in a series of cyberattacks targeting large corporations and government agencies since September 2022 that rocked the country.

The attacks have exposed Australia’s cyber security weaknesses and caused an increasing number of Australians to be anxious about the safety of their personal data.

Australia Imposes Sanctions on Russian Hacker

St Vincent’s announcement comes just days after the Australian government imposed cyber sanctions on a Russian individual for hacking the database of Medibank, one of Australia’s largest health insurers, 18 months ago.

The Australian government found Russian citizen Aleksandr Ermakov responsible for the cyberattack, which resulted in 9.7 million records being allegedly stolen, including Medicare numbers, sensitive medical information, dates of birth, and names.

The attack also caused Medibank to suffer $46.4 million (US$30.5 million) in financial damage.

As a result, the federal government imposed a travel ban and targeted financial sanctions on the Russian man, making it a criminal offence to provide assets or financial services to him.

A woman walks past a ‘medibank’ shopfront in Canberra, Australia, on Oct. 20, 2022. (AAP Image/Lukas Coch)
A woman walks past a ‘medibank’ shopfront in Canberra, Australia, on Oct. 20, 2022. (AAP Image/Lukas Coch)

Foreign Minister Penny Wong said the cyber sanctions would send a clear message to cybercriminals that there would be “costs and consequences” for targeting Australia and its citizens.

However, Shadow Home Affairs Minister James Paterson questioned why the federal Labor government took so long to take action.

“While the announcement this morning of Magnitsky sanctions against Russian cyber criminals is welcome, the question is what took the Albanese government so long? The Opposition first called on them to do so in November 2022,” he said on X.

Monica O’Shea contributed to this article.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *