Media Release

Thursday, 11 January 2024

Statement from St Vincent’s - Update on Cyber Incident and our Response

St Vincent’s is continuing to respond to a cyber security incident first identified on Tuesday, 19 December 2023.

Our hospitals, aged care, and virtual and home health networks have continued to operate safely throughout this period. This incident has not impacted our ability to deliver the services our patients, residents, and the broader community rely on.

The investigation

The key facts of the investigation remain unchanged:

  • Suspicious activity on our network was detected on Tuesday 19 December; state and federal regulators were notified; and we began working with cyber security experts, CyberCX, to respond.
  • Since the morning of Wednesday, 20 December we have not detected any activity by the cyber criminals.
  • On the evening of Thursday, 21 December our investigation found evidence that some data had been stolen from our system (prior to 19 December). We notified the public of this and have worked since then to ascertain the nature of that data.
  • At this stage of the investigation, there has been no evidence that the stolen data contains any sensitive personal information.
  • Our monitoring activities have not detected evidence of any stolen data being posted on the dark web.
  • We have also been undertaking necessary system response and remediation activities.

Why this work is complex

We know that our staff, patients, residents, partners and the public want to know the status of the investigation. They particularly want to understand what, if any, sensitive personal information has been stolen by the cyber criminals.

We recognise that it may be frustrating and difficult to hear that this work is ongoing and that answers are not yet clear. We also feel that frustration.

While we are continuing to conduct extensive digital forensic analysis, this work has been made more complex because the cyber criminals undertook anti-forensic measures to obscure their activities within our networks.

We are continuing to work with cyber security specialists, the Australian Cyber Security Centre, the National Cyber Security Coordinator, the Australian Federal Police, the Office of the Australian Information Commissioner, and other state and federal government bodies closely.

How we will support impacted individuals

Our focus remains on delivering the services, care and compassion to the people and communities we serve.

At this stage of this investigation, there is no evidence that any sensitive personal information has been stolen from our network. However, if this changes, St Vincent’s will activate a comprehensive response plan and offer support services to those affected.

We have established a dedicated support line – 1300 124 507 – and email address – stvincentscybersafety@svha.org.au – for anyone who wants to contact us on this matter.

Media contact: Dexter Gillman 0439 393 196


Q&As

When did St Vincent's first become aware that they were experiencing an incident?

On Tuesday, 19 December 2023, St Vincent’s Health Australia (SVHA) began responding to a cyber security incident.

SVHA immediately took steps to contain the incident, engaged external cyber security experts, and notified all relevant state and federal governments and the necessary agencies.

The investigation into this incident is ongoing.

Why did it take until Friday 22 December 2023 to tell the public?

St Vincent’s took immediate steps to contain the incident upon its discovery. We also engaged external security experts, notified all relevant state and federal governments and their necessary agencies.

Late on the evening of Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network. We notified regulators, governments, our staff, and the public of this information on Friday morning.

What steps did St Vincent's take to understand the incident?

Our teams have worked tirelessly through the night, and into today to:

  • Implement enhanced monitoring of St Vincent's networks and systems;
  • Deploy investigatory tools; and
  • Review system logs and telemetry.

At this time, no new activity by the threat actor has been detected inside St Vincent’s networks since early morning Wednesday, 20 December. Containment activities are still ongoing.

Do you know who might be behind this incident?

Not at this time.

Do you know if any information that may be sensitive has have been stolen?

Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from a system.

St Vincent’s is working to determine what data has been removed. This is a complex and highly technical activity and we do expect it could take some time.

Do you have any evidence data has been removed from your network?

Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from a system.

St Vincent’s is working to determine what data has been removed. This is a complex and highly technical activity and we do expect it could take some time.

When will SVHA be able to say what type of data was stolen?

This is a complex and highly technical investigation, and we do expect it will take some time before we know exactly what data was taken from our systems.

How will you notify patients or staff if their data has been stolen?

Should we discover that any sensitive information has been stolen by cyber criminals, we will do all that we can to contact the impacted persons to inform them of this, give them information about the steps that they can take to protect themselves and support them through that process.

Are hospital operations impacted?

At this time, our ability to deliver the frontline services that our patients, residents, governments and the broader community rely on us for, has not been impacted. We are managing some network disruptions as part of our remediation works.

What support is available?

We have established a dedicated support line 1300 124 507 and email address stvincentscybersafety@svha.org.au for anyone with additional questions about this matter.