STATEMENT FROM ST VINCENT’S

On Tuesday, 19 December 2023, St Vincent’s Health Australia began responding to a cyber security incident. 

St Vincent’s immediately took steps to contain the incident, engaged external security experts, and notified all relevant state and federal governments and the necessary agencies.  

Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network.  

St Vincent’s is working to determine what data has been removed. 

The investigation into this matter is ongoing.  

Key activities include securing and containing the incident, understanding what the cyber criminals have done, and identifying what data may have been accessed and stolen. 

To date, this incident has not affected the ability of St Vincent's to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks.  

Our priority is the health and safety of our patients, residents, and our people, and the continuity of St Vincent's services for the community. 

We thank the Australian Government and our state government partners for their support since first notifying them of the incident.

Q&As

1.    When did SVHA first become aware that they were experiencing an incident? 

On Tuesday, 19 December 2023, St Vincent’s Health Australia (SVHA) began responding to a cyber security incident. 

SVHA immediately took steps to contain the incident, engaged external cyber security experts, and notified all relevant state and federal governments and the necessary agencies.

The investigation into this incident is ongoing.

2.    What steps did SVHA take to understand the incident? 

Our teams have worked tirelessly through the night, and into today to:

•    Implement enhanced monitoring of SVHA networks and systems; 

•    Deploy investigatory tools; and 

•    Review system logs and telemetry.

At this time, no new activity by the threat actor has been detected inside St Vincent’s networks since early morning Wednesday, 20 December. Containment activities are still ongoing.

3.    Do you know who might be behind this incident? 

Not at this time.

4.    Do you know if any information that may be sensitive (corporate or personal) may have been accessed? 

Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from a system. 

St Vincent’s is working to determine what data has been removed.

5.    Do you have any evidence data has been removed from your network? 

Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from a system. St Vincent’s is working to determine what data has been removed.

6.    Are hospital operations impacted? 

At this time, our ability to deliver the frontline services that our patients, residents, governments and the broader community rely on us for, has not been impacted.

Members of the public with questions should not hesitate to contact St Vincent’s at stvincentscybersafety@svha.org.au or call 1300 124 507.