Australian Clinical Labs suffers cyber security incident

Australian Clinical Labs said its Medlab Pathology business suffered a cyber security incident that affected about 223,000 accounts.
IT network security issuesAustralia’s No.1 health insurer Medibank, No.2 telco Optus and retailer Woolworths Group’s majority-owned online retailer MyDeal were also hit by data breaches that compromised the data of millions of customers.

ACL said its affected data included more than 17,500 individual medical and health records, over 28,000 credit card numbers and customer names, as well as more than 128,600 Medicare numbers.

There was no evidence of misuse of any of the information or any demand made of Medlab or ACL to date. The compromised Medlab server had been decommissioned and ACL’s broader systems were unaffected.

Medlab became aware of an unauthorised third-party access to its IT system in February and a month later, was informed by the Australian Cyber Security Centre (ACSC) that it may have been the victim of a ransomware incident.

:Given the highly complex and unstructured nature of the data-set being investigated, it has taken the forensic analysts and experts until now to determine the individuals and the nature of their information involved,” ACL said.

The ACSC notified the company in June that Medlab’s information had been posted on the dark web, which ACL subsequently sought to find and permanently remove.