Australian healthcare provider St. Vincent’s has data stolen during cyberattack


Australia’s largest non-profit healthcare provider was hit by a cyberattack this week, resulting in data being stolen from its networks.

In a statement on Friday, St Vincent’s Health Australia said it was working with the Australian government and state-level officials to resolve the cyber incident, which began on Tuesday.

The hospital network, which was founded more than 180 years ago, did not respond to requests for comment about whether it was a ransomware attack but said it “immediately took steps to contain the incident, engaged external security experts, and notified all relevant state and federal governments and the necessary agencies.”

“Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network. St Vincent’s is working to determine what data has been removed. The investigation into this matter is ongoing,” they said.

“Key activities include securing and containing the incident, understanding what the cyber criminals have done, and identifying what data may have been accessed and stolen. To date, this incident has not affected the ability of St Vincent’s to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks.”

The Australian National Office of Cyber Security confirmed that it is working with the hospital to respond to the incident.

St. Vincent’s said no new activity from the hackers has been detected inside St Vincent’s networks since early Wednesday but noted that “containment activities are still ongoing.”

No group had taken credit for the incident, the hospital explained, adding that it is still determining what kind of information was stolen.

St. Vincent’s runs six public hospitals, 10 private hospitals and 20 elderly care facilities. It has more than 20,000 employees across hospitals in New South Wales, Victoria and Queensland.

Devastating attacks on prominent Australian institutions like Medibank, Latitude Financial, DP World Australia and Optus have roiled the Australian public over the last 16 months, prompting wholesale changes to the government’s stance on cybersecurity.

The government — which dealt with its own data breach in Tasmania — published a revamped national cybersecurity strategy in November that will see nearly $400 million spent over the next seven years to address cybersecurity issues.

Hackers, particularly those involved in ransomware gangs, have repeatedly increased attacks on healthcare facilities during the holiday season in hopes of extracting larger ransoms while many IT teams are lightly staffed.

During the Christmas season in 2022, the LockBit ransomware gang was forced to apologize after attacking Toronto’s Hospital for Sick Children, Canada’s largest pediatric health center.

In the last week alone, ransomware gangs attempted to extort cancer patients after attacking a prominent cancer center in Seattle and forced a hospital in Kansas City to send patients to other facilities after bringing down their entire computer system.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Game studio Ubisoft examines claims of data security incident

Next Post

Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack

Related Posts

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
Read More