The nation’s largest Not For Profit health and aged care provider says last month's cyber attack has not impacted the delivery of the services to patients, residents, and the broader community in its hospital, aged care, and virtual and home health networks.
"We are managing some important network disruptions as part of our remediation works," St Vincent's Health Australia said in its latest statement.
The Australian Federal Police is investigating the data theft that St Vincent's Health Australia became aware of on 19 December and became public on 22 December.
"We thank the Australian Government, our state government partners, and our commercial and clinical partners, for their support," said St Vincent's Health Australia.
"We have also updated federal and state government authorities, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as our key partners, and stakeholders."
The provider, which has 23 aged care facilities, has defended its decision not to make the cyber attack public for three days after it happened.
"St Vincent’s took immediate steps to contain the incident upon its discovery. We also engaged external security experts, notified all relevant state and federal governments and their necessary agencies," it said.
"Late on the evening of Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network. We notified regulators, governments, our staff, and the public of this information on Friday morning.
"St Vincent’s is working to determine what data has been removed. This is a complex and highly technical activity and we do expect it could take some time."
St Vincent's is not the first aged care provider to fall victim to a cyber attack. Both Regis Aged Care and UnitingCare Queensland have dealt with significant cyber incidents in recent years.
