A forensic investigation has found no sensitive personal information was stolen, says the healthcare organisation.
St Vincent’s Health Australia has told the media that no medical records or other sensitive personal information was stolen during the cyber security incident it experienced just before Christmas.
The organisation said a forensic investigation by CyberCX found that the attack had comprised approximately 4.3 gigabytes worth of system, configuration data and network credential data.
“That forensic investigation has concluded that, to the best of CyberCX’s ability to ascertain, there is no evidence that sensitive personal information was stolen from our network by the cyber criminals,” says the statement, according to Pulse+IT.
“In particular, there is no evidence that any identification documents (driver’s licences, passports, Medicare cards), medical records or banking information have been stolen from our network.”
It also said monitoring activities had not detected evidence of any stolen data being posted on the dark web.
System remediation activities had been undertaken, St Vincent’s said, including enhanced 24-hour, seven day a week monitoring across its digital environment.
“We are deeply appreciative of how the Federal Government has supported us to navigate an unenviable situation made harder owing to the time of year this occurred,” said CEO Chris Blake.
“The early engagement and strong support provided by the federal government gave St Vincent’s the confidence to respond to this incident with both our partners and stakeholders but also with the public with transparency. “Our partners in the New South Wales, Victorian and Queensland Departments of Health have worked closely with us to ensure the on-going safe delivery of our Mission to our patients and residents around Australia.”
