An update from St Vincent's Health Australia

Since its statement last Friday regarding the attack by cyber criminals, St Vincent’s has been working tirelessly with federal and state governments, law enforcement, and our cyber experts.

Today we again briefed our close to 30,000 team members on the latest information regarding this investigation and monitoring work.

The staff at St Vincent’s provide some of the best care in the world to our patients and residents. Our key priority in responding to this cyber criminal attack has been to preserve and protect the critical work of our staff on behalf of millions of Australians every year.

On Tuesday, 19 December, St Vincent’s began responding to a cyber security incident.

On that day, St Vincent’s immediately took steps to contain the incident, engaged external security experts CyberCX, and notified all relevant state and federal governments and their necessary agencies.

No cyber criminal activity has been detected on St Vincent’s networks since Wednesday, 20 December.

Late on the evening of Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network. We notified regulators, governments, our staff, and the public of this information on the morning of Friday, 22 December.

St Vincent’s continues to investigate this cyber crime. Our experts are working around the clock to ascertain the contents of the data copied and stolen from us. This is a complex and highly technical activity.

Should we discover that any sensitive data has been stolen by cyber criminals, we will do all we can to contact those affected and give them information about the steps they can take to protect themselves and support them through that process.

To date, the activities of the cyber criminals have not impacted the ability of St Vincent's to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks. We are managing some important network disruptions as part of our remediation works.

We thank the Australian Government, our state government partners, and our commercial and clinical partners, for their support.

We have also updated federal and state government authorities, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as our key partners, and stakeholders.

The Australian Federal Police are engaged with the matter and St Vincent's is fully supporting their criminal investigation.

We have established a dedicated support line 1300 124 507, as well as a dedicated email address stvincentscybersafety@svha.org.au, for anyone wishing to seek further information about this matter.