APUNIPIMA Cape York Health Council claims that patient data was not accessed when it was hit by a ransomware attack earlier this year.
In a statement dropped on its website and not sent out to the media, the organisation said it was “pleased” that there was no evidence of unauthorised access to Apunipima’s medical/patient records systems or email systems.
“The investigation has revealed some evidence that some information may have been accessed in a small number of corporate file servers during the incident,” the statement said.
“Apunipima is now working to analyse what information may have been accessed and expect this review to be complete early in the new year.
“Should this review reveal that any personal information relating to staff or other individuals was affected, we will work to notify these individuals in accordance with our obligations.”
The Aboriginal organisation was subject to a ransomware attack in October this year.
Cape York Weekly broke the story after Apunipima attempted to cover up the incident.
Multiple attempts have been made to interview CEO Debra Malthouse and all have been rejected by the organisation.
It’s understood that a health worker in Aurukun clicked on a phishing email that infected Apunipima’s systems, forcing staff to work with pen and paper.
“Core systems are now being progressively brought back online and we have commenced our transition from manual processes back to standard automated and IT-supported processes,” the Apunipima statement said.
“We sincerely thank our patients, staff, and the communities we serve for their patience and support while we have worked to complete this forensic investigation as thoroughly and swiftly as possible.”
It’s been a torrid 12 months for the community-controlled organisation, which has suffered from a high turnover of staff.
Torres and Cape Hospital and Health Service also had to pick up the load when Apunipima failed to provide key services.
In a memo, TCHHS told staff to treat Apunipima’s breach as if patient data had been stolen.