Less than a week before Christmas Day, St Vincent’s Health, one of Australia’s largest not-for-profit health and aged care providers, detected a breach in its IT system.
On 19 December, it responded to the incident by immediately containing the hack and informing relevant authorities. Two days later, it found that hackers had “removed some data” from its network.
However, the data breach did not affect its ability to deliver services across its hospital, aged care, and virtual and home health networks, St Vincent’s said in its statement on 22 December. It runs six public hospitals, 10 private hospitals, and 20 aged care facilities in New South Wales, Victoria, and Queensland.
St Vincent’s is still determining which data was accessed and stolen. It has yet to provide another update on the situation as of writing.
National Cyber Security Coordinator Darren Goldie said in a post on X that his office is working with St Vincent’s. The Australian Cyber Security Centre has also been engaged regarding the incident.
THE LARGER TREND
This cybersecurity incident adds to the growing number of Australian hospitals and health facilities that have been easy targets for cybercriminals in the years since the global pandemic. In October, a data breach was also identified at Personify Care, a third-party provider of digital patient pathways for SA Health. It led to a folder containing the health information of 121 patients being deleted for a still-unidentified reason.
Despite a recent spike in reported cyber incidents in healthcare, more than a third of major Australian hospitals still do not enforce basic cybersecurity protocols to protect themselves from email fraud and domain spoofing, which are common hacking techniques, according to recent findings from an analysis by Proofpoint.