Data of domestic violence victims exposed in the ZircoDATA hack

By Liam On May 6, 2024

Victorian Public Health Service Monash Health recently announced that it has been affected by the recent hacking of ZircoDATA.

In February, ZircoDATA, which provides secure document storage, information management, digital conversion and destruction for 9,000 customers across Australia, reported a breach of its system. The Victoria-based company also manages some of Monash Health’s archived historical documents.

On May 3, Monash Health said some historical data on victims of domestic abuse had been made public in the hack.

“Investigative analysis indicates that the Monash Health information involved in the ZircoDATA data breach relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, Queen Victoria Hospital and Southern Health, limited to the period 1970 to 1993,” Eugine Yafele, CEO of Monash Health, said in a statement.

The National Office for Cybersecurity has been informed of this development.

Monash Health assured that its systems were not compromised or affected by the cyber attack.

“Monash Health deeply regrets that the external breach occurred and we continue to cooperate with ZircoDATA in the investigation,” Yafele said.

THE BIG TREND

Using the dark web, the Black Basta ransomware gang has claimed responsibility for hacking ZircoDATA, saying it stole approximately 395 gigabytes of data, including financial documents, personal information and confidentiality agreements. Initially, the company set a ransom deadline of March 1.

Lt. Gen. Michelle McGuinness, National Cyber Security Coordinator, said it is supporting ZircoDATA in reaching affected customers. She noted that other government agencies have also been affected.

“The majority of these entities are still working with ZircoDATA to identify affected data and any victims, and have yet to begin notifying affected individuals. There are clear processes that ZircoDATA and affected government agencies must work through,” McGuinness said. .

Before the new year, St Vincent’s Health, one of the largest not-for-profit healthcare and aged care providers in the country, also reported a data breach by unidentified hackers, although it said no sensitive data had been stolen.