The Apunipima Cape York Health Council, which operates health clinics in 17 Cape York and Torres Strait Island towns, was hit by hackers in October 2022, causing system outages and delays to service as its clinics were forced to resort to paper-based service.

The organisation’s staff quickly notified authorities and released public notifications, but it was not enough to completely reassure some.

Other companies were forced to sever electronic links to the organisation as a precaution and some Cape York residents said they switched to other health services for fear their data had been compromised.

A five-month investigation led by Apunipima concluded the hackers accessed a disturbing array of personal information types, including contact information, tax file numbers, Medicare numbers, bank cards, superannuation membership IDs, drivers licenses and passports.

Debra Malthouse, Apunipima CEO, said each individual was affected differently and anyone affected will soon receive a tailored statement via postal mail confirming what information was accessed, and what steps the organisation recommends they take in response.

Remedial advice was also posted on the Apunipima website and Cape York community noticeboards on Wednesday.

“Apunipima has already taken a number of precautionary steps to protect the information that may have been accessed, including liaising with Services Australia and the Australian Taxation Office, which means the risks associated with that information are low,” Ms Malthouse said.

“As an Aboriginal community-controlled not-for-profit health organisation … we were deeply saddened that anyone would target our organisation in this way.

“The investigation and data-review process we had to undertake since last October has consumed significant time and resources which would otherwise have been deployed towards serving the Cape York community.”

Other companies across Australia, including major health insurer Medibank, also suffered devastating cyber hacks in the later months of 2022.

Some of those breaches were ransomware attacks – the criminal hackers demanded money in exchange for stolen data.

An Apunipima spokesman could not rule out whether the attack on the organisation was ransomware related.

“The cyber event involved unauthorised access to our IT environment by an unidentified third party,” the spokesman said.

“For cyber security reasons, we cannot go into more detail. We have no evidence that anyone’s information has been or will be misused or disclosed by the unknown third party.”

“We have applied enhanced cyber security measures to prevent any recurrence. We continue to work with cyber security and IT experts to improve our security measures.”

isaac.mccarthy@news.com.au

More Coverage

Rate rises ‘on the table’ in looming council budget discussions

Isaac McCarthy

Heroes rescue abandoned dogs in flood-ravaged Burketown

Alison Paterson

Originally published as Personal details of approximately 8000 Apunipima clients across FNQ affected by cyber breach