Australian Clinical Labs reported a data leak affecting about 223,000 accounts in its Medlab pathology division. This is Australia’s fourth major hack since September, after breaches that compromised the data of millions of customers at Medibank, telco Optus and retailer Woolworths Group’s majority-owned online retailer MyDeal.
Medlab said the breach involved 17,539 medical records related to a pathology test, 28,286 credit card numbers and names (of which 15,724 were expired), and 128,608 Medicare numbers. The majority of those affected were from New South Wales and Queensland. According to the company, there is now no evidence of mishandling the information or any demand.
The malfunctioning server was taken out of service, and the mishap had no impact on ACL’s larger systems or databases. Unauthorized third-party access to Medlab’s IT systems was discovered eight months ago, prompting the company to commission a forensic investigation by independent external cyber experts.
At the time, forensic experts found no evidence that the information had been tampered with. The Australian Cyber Security Centre (ACSC) approached ACL in June this year to inform the group that Medlab information had been published on the dark web, which ACL immediately found, downloaded and permanently removed.
On the advice of privacy and legal experts in cyber matters, ACL has implemented a program to determine which information has been compromised and which individuals may have suffered serious harm as a result of the incident. Due to the highly complex nature of the data set, forensic analysts and experts have had to wait until now to determine the extent of the breach.
The sources for this piece include an article in Reuters.