Anglicare Sydney has revealed 17GB of its data was transmitted “to a remote location” after a ransomware attack but claims “there is no current evidence that data has been stolen”.
The retirement and aged care provider said that it was subject to a “malicious cyber attack” on August 31, which took out its systems.
On Tuesday last week, it confirmed the cause was a ransomware infection, and it has now provided an update over the weekend pointing to some of the other impacts of the attack aside from system availability.
While it said that “at this stage, there is no current evidence that data has been stolen”, it went on to say that it had “identified 17GB of data transmission to a remote location and this forms part of the forensic investigation in progress.”
“It is therefore premature to speculate on the impact,” Anglicare Sydney said.
The organisation said it had an incident response system in place and would restore from offsite backups.
It “would not entertain engaging with cyber criminals,” the organisation added, a clear message that it would not pay a ransom despite what appears to be a significant data exfiltration event.
In addition to notifying “third-party partners, including government agencies as required by agreements and legislation”, the NSW Police and the Australian Signals Directorate had also been engaged.
Anglicare Sydney said its compromise was “part of increased illegal cyber activity targeting the Australian health and aged care sectors alongside other sectors seeking to obtain funds via ransomware activity.”
Around the same time, ASX-listed aged care provider Regis Healthcare also lost data to an overseas-based attacker that started leaking it.
That case prompted an industry-wide warning by federal cyber security authorities.