St Vincent's Health, one of Australia's major not-for-profit hospital and aged care providers, has been targeted in a significant cyber attack, resulting in data theft.
The breach was first detected on December 19 and involved data being unlawfully removed from the organisation's systems.
St Vincent's Health operates facilities across Victoria, New South Wales and Queensland.
Services unaffected
St Vincent's Health chief executive officer Chris Blake confirmed that the breach was identified on Tuesday.
Immediate action was taken for containment and external security experts were consulted.
Despite the breach, the organisation's ability to deliver services at its hospitals, aged care centres and virtual in-home care remains unaffected.
Appears to be small
The National Office of Cyber Security and acting National Cyber Security coordinator, Hamish Hansford, stated that the Australian Government had been involved in responding to the breach since being notified.
The focus is on understanding the extent and nature of the stolen data.
Hansford noted that, unlike previous breaches at Medibank and Optus, the amount of data taken appeared to be small.
Services Australia, the Department of Health and Aged Care, and relevant state and territory agencies are also contributing to a coordinated response to mitigate any impacts of the breach.
A Victorian Government spokesperson has acknowledged the incident and confirmed ongoing collaboration with St Vincent's Health Australia and the Commonwealth to determine the breach's full extent.