APUNIPIMA CYBER-SECURITY INCIDENT UPDATE
APUNIPIMA CYBER-SECURITY INCIDENT UPDATE (THURSDAY 8 DECEMBER, 2022)
Apunipima (an Aboriginal Community Controlled Health Organisation) is pleased to advise that the forensic investigation into our recent cyber incident is now complete and has confirmed no evidence of unauthorised access to Apunipima’s medical / patient records systems or email systems.
Core systems are now being progressively brought back online and we have commenced our transition from manual processes back to standard automated and IT-supported processes.
We sincerely thank our patients, staff, and the communities we serve for their patience and support while we have worked to complete this forensic investigation as thoroughly and swiftly as possible.
The investigation has revealed some evidence that some information may have been accessed in a small number of corporate file servers during the incident. Apunipima is now working to analyse what information may have been accessed and expect this review to be complete early in the new year. Should this review reveal that any personal information relating to staff or other individuals was affected, we will work to notify these individuals in accordance with our obligations.
Since the incident occurred, Apunipima and our advisors have continued to closely monitor the deep web, and we can confirm that there has been no publication of any information relating to Apunipima or our communities to-date.
Acting on the advice of our advisors following the incident, we have since applied a range of additional cyber-security controls and measures to reinforce our existing cyber-security framework to prevent any reoccurrence.
As previously advised, when we first became aware of the incident we proactively notified the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), and relevant law enforcement authorities and have continued to liaise with them and take their advice.
Should any members of the Cape York community have questions or concerns, they can contact Apunipima via phone on 07 4037 7114 or via email at ceo@apunipima.org and we will respond to their enquiries as soon as possible.
APUNIPIMA MEDIA CONTACT:
Tyrel Collins
Marketing and Communications Manager
communications@apunipima.org
APUNIPIMA CYBER-SECURITY INCIDENT UPDATE (WEDNESDAY 12 OCTOBER, 2022)
Apunipima (an Aboriginal Community Controlled Health Organisation) welcomes Queensland Health’s appointment of IDCARE (Australia’s leading identity-management support service) to provide free advice and support via its Cyber Resilience Outreach Clinic to people and communities concerned that their information may have been affected by the recent cyber-security incident.
We are working closely with Queensland Health and other local Cape York based service providers to keep them closely updated on the incident, and to ensure the continued timely provision of high-quality health and community services to the people and communities we serve.
Apunipima is in discussions with IDCARE to ensure highly specific advice and support will be provided to any people who are confirmed to have been affected, once Apunipima’s forensic I.T. investigation is complete. The findings of this forensic investigation are required to determine what, if any, information has actually been affected by this incident.
Importantly, Apunipima does not want to cause undue alarm or concern to anyone not impacted by this incident, and will rely upon the findings of its investigation to ensure the final advice provided to people and communities is accurate and complete.
Apunipima acknowledges the concerns of the community at present and is working around the clock to complete its investigation as soon as possible, and welcomes IDCARE’s physical presence in the community at this early stage to provide general advice and support while our forensic investigation is underway.
Apunipima and its advisors are also continuing to closely monitor the deep web, and we can confirm that there has been no publication of any information relating to Apunipima or its patients on the deep web at this stage.
We have proactively notified the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), and relevant law enforcement authorities of the incident, and we will continue to liaise with them and take their advice.
Our number one priority is the continuity of care and health services to the people and communities we serve. Given our ongoing systems outage due to the incident, we have transitioned to manual processes, which are working effectively.
We are aware that the delivery of some services to patients and clients is taking longer than normal, however we are working directly with Queensland Health, our patients, clients and local communities to address these delays as swiftly as possible.
Apunipima is a not-for-profit organisation serving predominantly Aboriginal and Torres Strait Islander people and communities across Cape York and surrounding area, and we are deeply saddened that a third-party would target our organisation in this way.
We sincerely thank the people and communities we serve for their support and patience while we resolve this incident.
Should any members of the Cape York community have questions or concerns, they can contact Apunipima via phone on 07 4037 7114 or via email at ceo@apunipima.org and we will respond to their enquiries as soon as possible.
Please note: Apunipima will continue to post updates and advice to this website in relation to the incident as our investigation progresses.
APUNIPIMA CYBER-SECURITY INCIDENT UPDATE (SUNDAY 9 OCTOBER, 2022)
Apunipima (an Aboriginal Community Controlled Health Organisation) recently became aware of a cyber security incident where a third party gained unauthorised access to the Apunipima I.T. environment and possibly downloaded some information.
We are also aware of a post on the ‘deep web’ (a part of the internet not listed by search engines like Google or easily accessible by the general public) by an unidentified third party, claiming responsibility for the unauthorised access. We are being supported by leading external advisors to closely monitor this post and we are taking all appropriate actions in response.
As soon as we became aware of the incident, we engaged leading external cyber security and forensic I.T. experts to support us in managing the incident, securing our systems, restoring system functionality, and commencing a forensic investigation into what had occurred.
While we are making measurable progress, we do not yet have an expected timeline for system functionality restoration, however our I.T. teams are working around the clock to achieve this, supported by our leading external advisors and experts.
Our number one priority is the continuity of care and health services to the people and communities we serve, which is proceeding accordingly. Per our business continuity plan, we have transitioned to manual processes, which are working effectively, albeit with some minor delays.
We are aware that the delivery of some services to patients and clients is taking longer than normal. We are deeply saddened that a third-party would target our organisation in this way and we are working to address related service delays as safely and swiftly as possible.
We are working closely with Queensland Health and other local Cape York based service providers to ensure the continued timely provision of high-quality health and community services to the people and communities we serve.
We have proactively notified the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), and relevant law enforcement authorities of the incident, and we will continue to liaise with them and take their advice.
We are advised that the forensic investigation to determine what precisely has occurred and if any information has been affected, will take some time to complete.
Should our forensic investigation confirm that anyone’s personal information may have been affected, we will carefully analyse the potentially affected information for the purpose of notifying individuals in a clear and precise manner, including advising them of any steps they need to take. We will ensure all relevant regulators and authorities are notified and kept informed in this regard.
Apunipima is a not-for-profit organisation serving predominantly Aboriginal and Torres Strait Islander people and communities across Cape York and surrounding area. We thank the people and communities we serve for their support and patience while we resolve this issue and work to ensure the continuity of high-quality safe health and community services.
Should any members of Cape York communities have questions or concerns, they can contact Apunipima via phone on 07 4037 7114 or via email at ceo@apunipima.org and we will respond to their enquiries as soon as possible.
Please note: Apunipima will continue to post updates and advice to this website in relation to the incident as our investigation progresses.
APUNIPIMA CYBER-SECURITY INCIDENT UPDATE (THURSDAY 6 OCTOBER, 2022)
Apunipima (an Aboriginal Community Controlled Health Organisation) recently became aware of a cyber security incident where a third party gained unauthorised access to the Apunipima I.T. environment and possibly downloaded some information.
We are also aware of a post on the ‘deep web’ (a part of the internet not listed by search engines like Google or easily accessible by the general public) by an unidentified third party, claiming responsibility for the unauthorised access. We are being supported by leading external advisors to closely monitor this post and we are taking all appropriate actions in response.
As soon as we became aware of the incident, we engaged leading external cyber security and forensic I.T. experts to support us in managing the incident, securing our systems, restoring system functionality, and commencing a forensic investigation into what had occurred.
We do not yet have an expected timeline for system functionality restoration, however our I.T. teams are working around the clock to achieve this, supported by our leading external advisors and experts.
Our number one priority is the continuity of care and health services to the people and communities we serve. Per our business continuity plan, we have transitioned to manual processes, which are working effectively.
We are working closely with Queensland Health and other Cape York based service providers to ensure the continued provision of high-quality health and community services to the people and communities we serve.
We have proactively notified the Australian Cyber Security Centre (ACSC) and relevant law enforcement authorities of the incident, and we will continue to liaise with them and take their advice.
We are advised that the forensic investigation to determine what precisely has occurred and if any information has been affected, will take some time to complete.
Should the forensic investigation confirm that anyone’s personal information may have been affected, we will carefully analyse the potentially affected information for the purpose of notifying individuals in a clear and precise manner, including advising them of any steps they need to take. We will ensure all relevant regulators and authorities are notified and kept informed in this regard.
Apunipima is a not-for-profit organisation serving predominantly Aboriginal and Torres Strait Islander people and communities across Cape York and surrounding geographies, and we are deeply saddened that a third-party would target our organisation in this way.
We thank the people and communities we support for their support and patience while we resolve this issue and work to ensure the continuity of high-quality safe health and community services.
Should any members of the community have questions or concerns, they can contact Apunipima via phone on 07 4037 7114 or via email at ceo@apunipima.org and we will respond to their enquiries as soon as possible.
Please note: Apunipima will continue to post updates and advice to this website in relation to the incident as our investigation progresses.
