What Has Happened?
Australia’s largest not-for-profit health and aged care provider has fallen victim to a cyberattack. This attack was discovered on the 19th of December, and it has been carried out in the same way as a 2022 data breach that crippled private health insurer Medibank. It is believed the cyberattack was carried out by a sophisticated group of cybercriminals who gained access to the organisation’s data through a compromised account.
Data Exposed
The organisation has confirmed that data has been removed from a system but is yet to determine the quantity and type of data stolen in the attack, which has left customers and potentially affected individuals in the dark. The organisation has advised, “Should we discover that any sensitive data has been stolen by cybercriminals, we will do all we can to contact those affected and give them information about the steps they can take to protect themselves and support them through that process”.
“The investigation is highly complex. In other cybercrimes, criminals have deployed ransomware or contacted the victim organisation with copies of the data they have stolen,” an anonymous St Vincent’s spokesperson said. “This hasn’t happened yet in this incident, so the forensic efforts to trace the criminals’ work backwards takes time.”
Attack Method
Two sources from the organisation have revealed that the evidence collected so far points to stolen login credentials as the cause of the attack.
As with the St Vincent’s health network, the Medibank hack began with the theft of credentials belonging to an individual with privileged access to its internal systems. In the case of Medibank, these credentials were bought on the dark web by an anonymous buyer who then used them to gain access to the insurer’s internal systems.
Some of the stolen credentials used in the attack came from computers running Windows Home, an edition usually used on personal devices, that had access to St Vincent’s work services. The malware tools identified in the attack are often inadvertently installed by someone when downloading or installing pirated content or clicking on a malicious link.
“So you have a really perfect storm where they have a personal computer infected but they are accessing work services from home with a device that isn’t as well locked down,” said Mr O’Reilly, Chief Executive of cybersecurity company Dvuln.
Support
The health network has set up a support line (1300 124 507) and email contact (stvincentscybersafety@svha.org.au) for anyone seeking more information. Further updates, information releases, and questions and answers can be found on the St Vincent’s Health Australia website.
If you’re concerned you have become a victim of identity theft or have fallen victim to a scam, you can contact IDCARE, Australia’s national identity and cyber support service.
Hello —
Will any further updates be issued regarding the recent cyber security incident, and the mitigation activities your organization has taken in response to this event?
Hi Chris,
Please see the below update from the organisation.
“That forensic investigation has concluded that, to the best of CyberCX’s ability to ascertain, there is no evidence that sensitive personal information was stolen from our network by the cyber criminals.
“In particular, there is no evidence that any identification documents (driver’s licences, passports, Medicare cards), medical records or banking information have been stolen from our network.”
With this information, no mitigation actions are required by UNE.
More information and news can be found on the organisation’s website (https://svha.org.au/news/latest).