Around 223,000 patients and staff were affected by a cyberattack on Medlab Pathology in February.
This is based on the results of a forensic investigation launched by ASX-listed private pathology service provider Australian Clinical Labs (ACL), which acquired the pathology lab late last year.
The hacked data includes approximately 17,500 medical and health records associated with a pathology test, over 28,000 credit card numbers and approximately 128,000 health insurance numbers. Those affected are believed to be mainly confined to NSW and Queensland.
However, ACL noted that there is “no evidence of misuse” of any of the information and that there are no claims made against Medlab and ACL.
The cyber incident also spared the larger systems and databases owned by ACL, while Medlab’s compromised computer server has already been decommissioned and is no longer in use.
ACL will now start contacting data subjects directly “via personalized notifications as soon as possible.”
“ACL, on behalf of Medlab, will begin the process of directly contacting those at risk via email and postal mail today, to provide them with information about the incident, how it affects them, and additional actions that may be taken to protect their information,” it said in a company statement Thursday.
In addition, the company has also set up a dedicated inbound response team to answer questions from those notified and provide advice and remediation advice in relation to the incident. A care team has also been formed to minimize distress and provide support to those whose health records may have been accessed.
Additionally, ACL works with federal and state government authorities to offer free credit monitoring and/or identification document replacement to individual victims.
THE WIDER CONTEXT
A few weeks after Medlab reported a hack on its computer server, the Australian Center for Cybersecurity received reports that the pathology department may have been hit with ransomware.
Three months later, the ACSC discovered that some Medlab information had been posted on the dark web. ACL said it immediately responded by finding and downloading the unstructured dataset from the dark web and “working to permanently delete it.”
The company then worked to determine the nature of the compromised information and the people who could suffer serious harm as a result of the hack.
“Given the highly complex and unstructured nature of the dataset under investigation, it has until now taken analysts and forensic experts to determine the individuals and the nature of their information involved,” ACL explained.
THE GREAT TREND
Health insurer Medibank is the latest Australian company to suffer a series of cyber incidents this year. The company first reported a network breach two weeks ago. In an update this week, it said hackers had access to data from all of its 3.9 million customers. This includes personal information such as names and certain Medicare card numbers and health information including claim codes made by customers.
Over there in New Zealand, Pinnacle Midlands Health Network also experienced a recent IT breach. Hackers have been reported to leak patient data on the web, including data related to hospital service use, request for information, and the immunization and screening status of individual patients . Those affected involve past and present patients and clients of Pinnacle Group in Waikato, Lakes, Taranaki and Tairāwhiti districts, including GP practices in the primary healthcare setting.
“On behalf of Medlab, we sincerely apologize and deeply regret that this incident has occurred. We recognize the concern and inconvenience this incident may cause those who have used Medlab’s services and have taken steps to identify the We want to assure everyone involved that ACL is committed to providing them with all reasonable support. We will continue to work with the relevant authorities,” said ACL CEO, Melinda McGrath, in a statement.
#Data #patients #staff #affected #Medlab #hack