December 30, 2023
One of Australia's largest health networks that was the subject of a cyber security breach still has no idea whether hackers stole sensitive medical data 10 days after the attack.
St Vincent's national hospital network on Friday revealed it had not figured out whether cyber criminals stole any personal information or even the contents of the data more broadly.
"St Vincent's continues to investigate this cyber crime. Our experts are working around the clock to ascertain the contents of the data copied and stolen from us. This is a complex and highly technical activity," it said.
"Should we discover that any sensitive data has been stolen by cyber criminals, we will do all we can to contact those affected and give them information about the steps they can take to protect themselves and support them through that process." Peak medical bodies, unions and the opposition have blasted the organisation amid concern it had failed to protect private information that could undermine Australia's confidence in the hospital system more broadly.
St Vincent's, operator of 10 hospitals and 26 aged-care centres in NSW, Queensland and Victoria, confirmed it was first hacked on December 19, prompting the hospital to notify relevant state and federal governments.
However, it waited until last Friday until it notified the public and staff members, after it found evidence that cyber criminals had removed data from its network on Thursday evening.
"No cyber criminal activity has been detected on St Vincent's networks since Wednesday 20 December," the organisation said.
The Coalition called on the government on Friday to confirm and reassure Australians it was helping the hospital to figure out what was stolen.
In a statement from opposition health spokeswoman Anne Ruston and home affairs spokesman James Paterson, the Coalition urged Labor to "assure Australians that our nation's crucial health infrastructure and the data it holds are secure".
"The opposition has been calling on the government for over a week to publicly confirm and reassure Australians that they are assisting St Vincent's in identifying what information was compromised in the data breach. At a time where national leadership is most needed we have an acting Minister for Cyber Security and an acting National Cyber Security Coordinator managing this incident," the statement said.
"This government must give cyber security the attention it deserves to assure Australians that our nation's crucial health infrastructure and the data it holds are secure." Acting Cyber Security Coordinator Hamish Hansford said it often took time to ascertain how the cyber attack occurred in incidents where the organisation had large and complex networks.
