Media Release

Thursday, 25 January 2024

Statement from St Vincent’s Update on Cyber Security Incident and Forensic Investigation

St Vincent’s has been responding to a cyber security incident since Tuesday 19 December 2023.

Yesterday our external experts CyberCX completed their forensic investigation into data that was accessed or stolen by the cyber criminals.

That forensic investigation has concluded that, to the best of CyberCX’s ability to ascertain, there is no evidence that sensitive personal information was stolen from our network by the cyber criminals.

In particular, there is no evidence that any identification documents (driver’s licences, passports, Medicare cards), medical records or banking information have been stolen from our network.

Monitoring activities have not detected evidence of any stolen data being posted on the dark web.

The forensic investigation found that the data identified as having been stolen prior to 19 December was approximately 4.3 gigabytes worth of system, configuration data and network credential data.

As part of our immediate response we have been undertaking necessary system remediation activities. This includes enhancing our 24-hour, 7 day a week monitoring across our digital environment to detect and respond to suspicious activity.

At all times our priority has been to maintain the safe operation of our hospital, aged care, community, virtual and home care services.

We have committed to engaging transparently with our people, our patients and residents, our valued partners and the community as the situation has developed. We have briefed Federal and State Governments, including regulators on the findings of this investigation.

Quotes attributable to CEO Chris Blake

“St Vincent’s was founded by five courageous and innovative women – the Sisters of Charity – and today their Mission lives on in every single one of our almost 30,000 people.

“We are deeply proud of how our people to serve their patients and residents with the highest level of care every single day.

“Yesterday I briefed Minister Clare O’Neil on the findings of this forensic investigation.

“We are deeply appreciative of how the Federal Government has supported us to navigate an unenviable situation made harder owing to the time of year this occurred.

“In particular, the support of the Acting National Cyber Security Coordinator, the National Office of Cyber Security, the Australian Signals Directorate, the Australian Federal Police and the Department of Health and Aged Care has been invaluable to us.

“The early engagement and strong support provided by the Federal Government gave St Vincent’s the confidence to respond to this incident with both our partners and stakeholders but also with the public with transparency.

“Our partners in the New South Wales, Victorian and Queensland Departments of Health have worked closely with us to ensure the on-going safe delivery of our Mission to our patients and residents around Australia.

“St Vincent’s has been providing health care to those most in need in our community for over 160 years. Today we are Australia’s largest not-for-profit provider of health and aged care services.”

Media contact: Dextor Gillman 0439 393 196