St. Vincent’s cyber assault snares precious Australian healthcare data.

December 23, 2023
1 min read

Australian healthcare provider St. Vincent’s has experienced a cyberattack resulting in the theft of data from its networks. The incident began on Tuesday, and St. Vincent’s is currently working with the Australian government and state-level officials to resolve the situation. While it is unclear whether this was a ransomware attack, the hospital network has taken steps to contain the incident, engage external security experts, and notify the relevant authorities. So far, no new activity from the hackers has been detected, and containment efforts are ongoing.

St. Vincent’s runs multiple hospitals and elderly care facilities, employing over 20,000 people across hospitals in New South Wales, Victoria, and Queensland. This attack is the latest in a series of devastating cyberattacks on prominent Australian institutions, prompting the government to revamp its national cybersecurity strategy and allocate nearly $400 million to address cybersecurity issues over the next seven years.

This incident highlights the increasing threat cybercriminals pose to healthcare facilities, particularly during the holiday season when IT teams are typically understaffed. Ransomware gangs have been targeting healthcare facilities in hopes of extracting larger ransoms. Just last year, the LockBit ransomware gang attacked Toronto’s Hospital for Sick Children, and more recently, cancer centers in Seattle and a hospital in Kansas City were targeted.

The stolen data from St. Vincent’s is still under investigation, and the hospital is working to determine what information was compromised during the breach. This incident serves as a reminder of the importance of robust cybersecurity measures and the need for healthcare organizations to invest in cybersecurity solutions to protect sensitive patient data.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and