The Melbourne Archdiocese is one of a number of large organisations that have been hit by cyber attackers in recent months. Source: The Age.
Cyber attackers have also targeted Australia’s biggest corporate superannuation fund, TelstraSuper, and Toyota.
The Age has confirmed the attacks, after revealing on Wednesday that a cyber crime syndicate hacked and scrambled the files of Melbourne Heart Group, a cardiology unit based at Cabrini Hospital.
The Melbourne Archdiocese breach took place in late November, when hackers infiltrated the Church’s IT system using “ransomware”, a type of attack which can threaten to publish the victim’s data or block access to it unless money is paid.
An Archdiocese spokesman confirmed the attack had taken place, but said the Church had been able to “isolate its impact” and progressively restore services.
“We have not engaged with the ransomware issuer and obviously, no ransom has been paid,” he said.
Led by Archbishop Peter A. Comensoli, the Melbourne Archdiocese has more than 200 parishes, 331 schools and 10 hospitals.
However, it is understood that the impact was contained to the Church’s internal IT system, and did not affect, for example, sensitive data relating to the schools overseen by the Church’s education arm, which runs on a separate network.
This week it became known that Australia’s political parties suffered cyber attacks alongside the Parliament House computer network several weeks ago by a “sophisticated state actor”. Cyber security experts believe China is a chief suspect.
After The Age’s reporting of the Melbourne Heart Group breach, Cabrini Hospital sought to stress that none of its patient data had been compromised in the MHG attack, because both are separate entities. MHG paid a $10,000 ransom to regain access to its patients’ files.
A Victorian Department of Health and Human Services spokesman said no public hospital in the state had been impacted by a cyber attack via the MHG incident.
The state government allocated $33.9 million over the past three years for public health services to replace “at-risk” technology.