St Vincent’s Health Australia said a forensic examination of data stolen by attackers at the end of last year found it limited to “system, configuration data and network credential data”.
The hospital and aged care services provider disclosed the cyber incident in late December, and was unsure at that stage what data had been exfiltrated.
In a statement, the operator said a forensic investigation of the stolen data had now been completed by CyberCX, providing a better understanding of what it contained.
“The forensic investigation found that the data identified as having been stolen prior to December 19 was approximately 4.3 gigabytes worth of system, configuration data and network credential data,” it said.
“As part of our immediate response we have been undertaking necessary system remediation activities.
“This includes enhancing our 24-hour, 7 day a week monitoring across our digital environment to detect and respond to suspicious activity.”
St Vincent’s Health said that “to the best of CyberCX’s ability to ascertain, there is no evidence that sensitive personal information was stolen from our network”.
“In particular, there is no evidence that any identification documents, medical records or banking information have been stolen from our network,” the organisation said.
The organisation said it had also seen no evidence of personal information or medical records turning up on the dark web.
CEO Chris Blake said that Home Affairs minister Clare O’Neil was briefed on CyberCX’s findings yesterday.
He said St Vincent’s was “deeply appreciative of how the federal government has supported us to navigate an unenviable situation made harder owing to the time of year this occurred.”