St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent’s Health Australia (SVHA) said it could “take some time” to establish exactly what data was stolen in a cyber attack before Christmas.

In a statement yesterday, the hospital and aged care facility operator said the work “to determine what data has been removed … is a complex and highly technical activity.”

“We do expect it will take some time before we know exactly what data was taken from our systems,” the organisation said.

“Should we discover that any sensitive information has been stolen by cyber criminals, we will do all that we can to contact the impacted persons to inform them of this, give them information about the steps that they can take to protect themselves and support them through that process.”

The Australian Cyber Security Coordinator, which is part of Home Affairs, said in a post on X that it was also assisting on the forensics activity.

“With cyber incidents like these across a large network of many different systems, it often takes some time to confidently ascertain how the incident occurred, what the threat actor did, what systems they accessed and what was taken,” the coordinator wrote.

“The Australian government is working with St Vincent’s Health Australia and their external cyber security firm to undertake this complex work as quickly as possible.”

SVHA said it has engaged CyberCX as part of its remediation activity, in addition to utilising government agency resources.

The organisation also said it is continuing to deliver frontline health services, and that it was “managing some network disruptions as part of our remediation works” following the attack.

The Australian Federal Police are also said to have opened a criminal investigation into the incident.