System Outage & Data Breach

To our valued clients, partners and interested community members,

CatholicCare has become a victim of a data breach incident and I wholeheartedly apologise that this has happened.

Please continue to refer to this page of our website for the latest information. This is an unfolding situation and we commit to being as transparent as possible with the known facts as forensic IT investigations continue.

Newest updates will be posted at the top.

Best regards,

Robert Sims
CatholicCare Director

Updates...

Relevant authorities officially informed

Posted: 17/11/2022 11:44 am

CatholicCare can now confirm it has formally notified the Office of the Australian Information Commissioner, the Australian Cyber Security Centre, Queensland Police, as well as other relevant government departments in relation to the data breach incident.

Investigations are ongoing and we are expecting to receive our first major forensic IT report in the coming days. We expect it to contain more specific information (ie what data has been accessed and who is affected). This will then put us in a position to be in direct contact with anyone whose personal information has been caught up in this incident.

We continue to thank you for your patience and would like to again reassure you we are committed to a best practice approach in the handling of this unfortunate incident.

Investigations so far show no signs that data has been removed

Posted: 10/11/2022 3:36 pm

We would like to ensure our clients and the broader community are aware that investigations so far show no signs that our data has been removed from the CatholicCare IT environment. Furthermore, nothing indicates our data has been copied or stolen.

What we know at this early stage is that a third-party has gained access to particular IT servers (associated with our aged care and disability services only) and encrypted our data which in effect means we can’t access that data at present (ie it’s locked down). This type of situation is quite different in nature to what has reportedly happened to Optus and Medibank.

Our forensic IT and cyber experts are working around the clock to categorically conclude what has happened in our situation.

We commit to keeping you informed as more details are known.

CatholicCare, alongside our high-skilled external consultants, are working as quickly as possible to ascertain precisely whose data is involved in this data breach and we will naturally be contacting those people directly.

Confirmation of Data Breach Incident

Posted: 09/11/2022 3:00 pm

Following thorough investigations into a recent system outage experienced across our organisation, we can now regretfully confirm that CatholicCare Central Queensland has been the victim of a data breach incident.

We take your wellbeing, including the protection of your data and personal information, very seriously and we wholeheartedly apologise to you that this has happened.

Immediately after discovering the system outage on Monday 7 November 2022, we shut down our aged care and disability IT servers out of an abundance of caution. We also engaged forensic IT experts and a specialist cyber incident response firm to ensure that we did and continue to do everything that we possibly can to mitigate the risks associated with this breach.

We are in the process of notifying all relevant government authorities of this incident.

This data breach involves our aged care and disability service functions specifically.

There is no indication that client data relating to the following services has been impacted:

  • Domestic and family violence support
  • Counselling
  • Family support services
  • The Family Relationship Centre

Together with our cyber consultants, we are working around the clock to ascertain specifically whose data has been caught up in this unfortunate incident, as well as which data might be affected.

We will directly contact you if you are impacted by this data breach.

We would like to assure you that we are not cancelling, restricting, or reducing services. While we are continuing to run services, the IT system which handles our rostering has been impacted and our team is manually scheduling services in the short-term. As you would expect, this method is not as efficient as our regular technology solutions. We have set up a dedicated phone line that you can use to notify us if a carer does not arrive to your scheduled service.

If you have previously opted into our text message service, you should have received a text message notifying you of that dedicated phone line. If you have not received that text message, the dedicated phone number to call is (07) 4977 4122.

We are deeply sorry this has taken place. We commit to keeping you informed and supported as more details become available. We appreciate your patience.

System outage – we’re working on it

Posted: 07/11/2022 10:41 am

We’re sorry! We are currently experiencing a system outage that is affecting our ability to access our service scheduling system appropriately.

Unfortunately, this will cause some disruption to all in-home client services.

At this stage, our counselling and family support services remain unaffected.

We apologise for any inconvenience that this outage causes and sincerely thank you for your patience.

We will continue to provide updates to you as they become available.