What happened
In December 2023 St Vincent’s Health Australia — one of the country’s largest not-for-profit health and aged-care providers — disclosed a cyberattack in which data was removed from its network. The organisation said it was still working to determine exactly what data had been taken [svha-company], [svha-cyberdaily].
Timeline
- 2023-12-19 — The cyberattack occurred [svha-cyberdaily].
- 2023-12-21 — St Vincent’s identified that data had been removed from its network and notified government agencies [svha-cyberdaily].
- 2023-12 — The Australian Cyber Security Centre and National Office of Cyber Security engaged on the response [svha-company], [svha-cyberdaily].
Current status
Under investigation. St Vincent’s did not, at disclosure, publish the scope of data taken or a count of affected people, so no figure is asserted here.
Why it matters
Another major Australian health provider targeted in a run of health-sector attacks — a sector holding some of the most sensitive personal data, and one where disruption carries direct clinical risk.