No health data stolen in hack on major hospital network
Maeve Bannister |
A month-long investigation into a cyber attack on a major hospital and aged-care network has found it was unlikely that sensitive personal information was stolen in the hack.
St Vincent’s Health Australia, which operates public hospitals in inner-city Sydney and Melbourne, has been responding to a data hack discovered the week before Christmas.
The organisation on Thursday released a statement saying a forensic investigation had found no evidence that documents such as driver’s licences, passports, Medicare cards, medical records or banking information were stolen during the hack.
Experts monitoring the dark web had also not detected any stolen data being posted.
“The forensic investigation found that the data identified as having been stolen prior to 19 December was approximately 4.3 gigabytes worth of system, configuration data and network credential data,” St Vincent’s said.
“As part of our immediate response we have been undertaking necessary system remediation activities (and) this includes enhancing our 24-hour, seven-day a week monitoring across our digital environment to detect and respond to suspicious activity.”
Chief executive Chris Blake said he had briefed federal Cyber Security Minister Clare O’Neil about the findings of the investigation.
“The early engagement and strong support provided by the federal government gave St Vincent’s the confidence to respond to this incident with both our partners and stakeholders but also with the public with transparency,” he said.
“Our partners in the NSW, Victorian and Queensland departments of health have worked closely with us to ensure the on-going safe delivery of our mission to our patients and residents around Australia.”
St Vincent’s is a non-profit organisation that also operates 10 private hospitals in NSW, Victoria and Queensland.
The organisation employs nearly 30,000 people across its various sites, including 26 aged-care facilities.AAP