St Vincent’s Health Australia is working to contain a cyber incident that has seen an unknown amount of data stolen from one of its systems.
The hospital and aged care operator said in a statement that the attack was first detected on Tuesday December 19.
The threat actor had not performed any actions “since early morning Wednesday, December 20”, SVHA said, however it was determined a day later that some data had been exfiltrated.
“St Vincent’s is working to determine what data has been removed,” it said.
“The investigation into this matter is ongoing.”
The organisation said that it had called in expertise from governments, agencies and “external security experts” to investigate and contain the incident.
In addition, the experts are also attempting to determine what data may have been “accessed” but not stolen by the threat actor.
SVHA added that it was still operating and delivering services, despite the incident.
The national cyber security coordinator said on X that they were involved in the incident containment.
“The National Office of Cyber Security and I are working with St Vincent’s Health Australia, which is the victim of a cyber incident impacting their networks and data,” the statement read.
“My team is working with Services Australia, the Department of Health and Aged Care, and relevant state and territory agencies, to ensure a coordinated government response to this incident and to mitigate any flow-on effects.
“The Australian Cyber Security Centre is also working closely with St Vincent’s.”