Share this article on:
A Queensland-based Indigenous health organisation has announced that it suffered at the hand of a cyber attack last year that saw the personal information of over 8,000 clients and staff compromised.
Responsible for serving 11 communities in remote parts of Far North Queensland, the Apunipima Cape York Council was hit by the attack in October last year.
In a release issued yesterday, on 22 March 2023, Apunipima said that an “unknown third-party gained unauthorised access to some of [its] computer systems and may have viewed some personal information of [its] clients and staff”.
Based on the organisation’s investigation into the matter, the information accessed included “mostly Medicare numbers and other transactional health information, such as a [sic] healthcare identifiers”.
“For a small number of individuals, other information types may have been involved as well,” including personal contact information such as names, numbers and addresses, driver’s licenses and numbers, passports and bank cards.
Apunipima has said that the investigation into the attack, which was conducted by Australian Cyber Security Centre (ACSC) alongside other government bodies, has only just finished.
It has also said that despite the long time to finish the investigation, it had informed relevant authorities, including the ACSC, the Office of the Australian Information Commissioner (OAIC) and more.
The organisation has also adopted IDCARE services and has released several public announcements about the incident occurring.
Apunipima has revealed that the investigation found no evidence that the personal information accessed by threat actors has been misused in any way. It has also reiterated that the “risks associated with that information [are] low”, as it has taken a number of steps towards protecting it, such as cooperating with the Australian Tax Office (ATO) and Services Australia.
Those affected in the attack will be contacted individually, with specifics on what information of theirs was accessed and the best steps to take to protect that data in response.
“We sincerely apologise that this incident happened and for any concern it may cause our valued patients, clients and staff across the Cape York region,” Apunipima said.
For the full list of steps to take to protect compromised data, visit the Apunipima Cape York Council website here.