Acting national cyber security co-ordinator Hamish Hansford said the government had been working closely with St Vincent’s Health to determine what had happened when it suffered a serious breach.

Mr Hansford said Australia faced a reported attack once every six minutes and the international spread of the criminal networks meant tracking down the sources was complex and time consuming.

“Criminals are all about profit and trying to make the most amount of money,’’ he told the ABC, a week after St Vincent’s Health was attacked with so far little idea of how big the breach was and who had been affected. “They could be anywhere and that’s why it takes time for either the government or an entity to work out precisely what’s happened.’’

Opposition cyber security spokesman James Paterson said Home Affairs Minister Clare O’Neil needed to reassure Australians the government was fully engaged in dealing with the attack.

He warned hundreds of thousands of patients at the Catholic hospital system could be affected.

“The Albanese government can’t make the same mistakes they made with their slow and incompetent response to the High Court’s ruling on immigration detention,’’ he said.

St Vincent’s, which operates 10 hospitals and 26 aged-care facilities in NSW, Queensland and Victoria, on Friday revealed it had been the subject of a major health breach on December 19.

A spokeswoman said on Tuesday the organisation was still working through what had happened, hinting any breaches of personal information may still be unknown. “St Vincent’s continues to investigate the cyber crime and will update as that work develops. The investigation and monitoring efforts are continuing around the clock,’’ she said.

“Should we identify any personal data that was stolen we will do everything to directly contact anyone personally impacted by the attack on us by cyber criminals.”

The slow response to the crisis has alarmed key stakeholder groups, including unions and patient advocacy groups. It follows major breaches at Optus and Medibank, with Optus facing a shutdown of its networks in the run-up to Christmas, in what was a serious wakeup call for all companies, especially those handling confidential data.

The Medibank hack began with the theft of information belonging to someone with access to Medibank’s internal systems. This information was sold on the dark web and used to gain access to Medibank’s internal system.

Optus was attacked by the Albanese government in September after hackers obtained data and its network was severely compromised, causing a meltdown within the company.

Mr Hansford said the government had been working with St Vincent’s since the hack was detected and that cyber attacks were now a way of life for Australians.

“And, indeed, a global phenomenon,’’ he said. Criminal groups sought the information, then hosted it on the dark web, to attract money. The more sensitive the data, the potentially more valuable the profits.

Mr Hansford said the newer technology systems tended to have more efficient means of keeping the cyber pirates at bay.

St Vincent’s on Monday confirmed it did not know whether sensitive health records had been taken, sparking concern the organisation had failed in its duty to protect sensitive patient information. The government reportedly believed the hack was not substantial.

More related stories

Nation

NSW Health stands down two nurses for threatening to kill Israeli patients

The Minns government has removed two nurses from Bankstown Hospital after they appeared in an online video declaring they would refuse to treat and ‘kill’ Israeli people, bragging they’d already done so | WATCH

Read more

Sport

Football Australia in ‘deep discussions’ on Kerr captaincy

While Matildas’ superstar Sam Kerr has been found not guilty of racially harassing a white police officer, Football Australia is yet to decide if she will keep the Australian captaincy.

Read more