The recent St Vincent’s Health cyberattack was carried out by a sophisticated group of cybercriminals who gained access to the organisation’s data through a compromised account, investigators believe, in a breach similar to the one that crippled Medibank almost a year ago.
Two sources directly involved in the investigation but not authorised to speak publicly told this masthead that evidence collected so far pointed to stolen login credentials as the cause of the attack that has left thousands of St Vincent’s patients in the dark about whether sensitive health information has been exposed.
Hackers can use fake emails, also known as phishing emails, to trick staff members into giving up their login information. The stolen credentials can then be used to carry out cyberattacks.
Details about the compromised account were not available on the dark web, meaning the attack was probably orchestrated by sophisticated cybercriminals who were targeting the hospital, the sources said.
It is estimated there are more than 15 billion stolen credentials circulating on the dark web. These are bought and then often used by cybercriminals to impersonate employees and access sensitive information or systems that they would not otherwise have access to.
The St Vincent’s cyberattack, discovered on December 19 and first reported by this masthead, was carried out in the same way as a 2022 data breach that crippled private health insurer Medibank, which is now facing class action lawsuits and a potential fine from the Office of the Australian Information Commissioner.
In October 2022, Medibank hackers published troves of sensitive data on Australian citizens in a bid to force a ransom payment, and those files, which contained information about customers who had been diagnosed with HIV or who had received abortions, were ultimately dumped onto the dark web.
As with the St Vincent’s health network, the Medibank hack began with the theft of credentials belonging to an individual with privileged access to its internal systems. In the case of Medibank, these credentials were bought on the dark web by an anonymous buyer who then used them to gain access to the insurer’s internal systems.
An individual at St Vincent’s connected to the investigation who was not authorised to speak publicly said investigators were still working to identify what data has been pilfered.
“The investigation into the stolen data continues at pace,” they said. “The needle continues to move on the exact quantity of the data stolen. We are yet to find any personal information stolen as part of the hack, but this could very quickly change.
“The investigation is highly complex. In other cybercrimes, criminals have deployed ransomware or contacted the victim organisation with copies of the data they have stolen,” the person said. “This hasn’t happened yet in this incident, so the forensic efforts to trace the criminals’ work backwards takes time.”
The dark web is a part of the internet accessible only through special software, allowing users to remain anonymous. It is commonly used for illegal activities.
This masthead broke the news of the St Vincent’s cyber incident on December 22. Patients have since expressed worry about the security of their health information as well as frustration over a perceived lack of communication.
One patient who is receiving care at St Vincent’s Private Hospital in East Melbourne for COVID-19 complications said she was horrified that her sensitive health information might have been stolen by hackers.
“There’s been no notification to patients about this at all. It’s like they are just pretending nothing’s happened and that’s absolutely appalling,” the patient, who did not want to be identified for medical reasons, said. “I just want some understanding of what’s happening.
“If my records are revealed, I’m not sure, it might mean I have some difficulty buying travel insurance, or my premiums might go up, for example. It’s not the best Christmas present I have ever had … We’ve just been left in the dark and it’s not good enough.”
A source close to the hospital confirmed that most St Vincent’s patients had not been contacted about the cyber incident because it was unclear if any personal information had been stolen. However, aged care residents and their families have been contacted and informed about the hack.
St Vincent’s Health operates hospitals in NSW, Victoria and Queensland, including three public and 10 private hospitals and 26 aged care facilities.
“Should we discover that any sensitive data has been stolen by cybercriminals, we will do all we can to contact those affected and give them information about the steps they can take to protect themselves and support them through that process,” a St Vincent’s spokesman said.
“To date, the activities of the cybercriminals have not impacted the ability of St Vincent’s to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks. We are managing some important network disruptions as part of our remediation works.”
The health network has set up a support line (1300 124 507) and email contact (stvincentscybersafety@svha.org.au) for anyone seeking more information.
St Vincent’s Health could be fined over the hack if the Department of Home Affairs finds it failed to meet international cybersafety standards, as the Melbourne and Sydney hospitals are considered critical infrastructure.
With Rachael Dexter
Copyright for syndicated content belongs to the linked Source : WAToday – https://www.watoday.com.au/technology/st-vincent-s-cyberattack-work-of-sophisticated-criminals-say-investigators-20231231-p5eud1.html?ref=rss&utm_medium=rss&utm_source=rss_technology