Less than a week before Christmas Day, St Vincent's Health, one of Australia's largest not-for-profit healthcare and aged care providers, discovered a breach of its IT system.
On December 19, it responded to the incident by immediately containing the hack and informing the relevant authorities. Two days later, it discovered that hackers had deleted “some data” from its network.
However, the data breach did not affect the company's ability to provide services through its hospital, elderly care, virtual health and home care networks, St. Vincent's assured in its December 22 statement. It operates six public hospitals, ten private hospitals and twenty aged care facilities in New South Wales, Victoria and Queensland.
To date, St. Vincent's is still investigating what data was accessed and stolen. It has not provided any new update on the situation at the time of writing.
National Cybersecurity Coordinator Darren Goldie said in a post on X that his office is working with St. Vincent's. The Australian Cyber Security Center is also involved in the incident.
THE BIG TREND
This cybersecurity incident adds to the growing number of Australian hospitals and healthcare facilities that have been easy targets for cybercriminals in recent years since the global pandemic. In October one A data breach was also identified at Personify Care, a third-party digital patient journey provider for SA Health. It led to a folder containing the health information of 121 patients being deleted for a still unknown reason.
Even despite ifPSimilar to the cyber incidents reported in healthcare in recent times, more than a third of major Australian hospitals are still not enforcing basic cybersecurity protocols to protect themselves against email fraud and domain spoofing, which are common hacking techniques, according to recent findings from analysis by Proofpoint.