Select Page

Update Incident: Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web | ABC News Australia

Posted by | Oct 28, 2022 | , , , , | 0 |

Update Incident: Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web | ABC News Australia

Australian Medical Privacy Breach, 28 October 2022

Australian Clinical Labs subsidiary Medlab Pathology, accused of ‘sitting on’ hack that saw patient data posted to the dark web

ACL says it first learned of the attack in February but believed no data was stolen

Company Statement: Medlab Pathology Cyber Incident Response and Support
Source: Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web | ABC News Australia

View more from Privacy Breaches and the incidents relating to the Medical and Health Care sector.

Update 03/11/23: Australian Clinical Labs to face court over 2022 data breach | cyberdaily.au
The Office of the Australian Information Commissioner believes Australian Clinical Labs did not adequately protect personal data, leading to an increased risk of “identity theft, extortion and financial crime”.

Australian Clinical Labs (ACL) yesterday revealed it was hit by a cyber attack eight months ago, in February, and that since then it had found out the data of 223,000 people had been accessed and some of it posted to the dark web.

Pathology company ACL says it first learned of the attack in February but believed no data was stolen. The company says it told the relevant authorities about the data hack in July, after learning details were on the dark web. However, it only told customers that their data had been hacked and some of it posted to the dark web this week

ACL said the breach affected its subsidiary, Medlab, and that the most-concerning breaches included the leaking of medical and health records, credit card numbers and Medicare numbers.

Under the Privacy Act, companies with a turnover of more than $3 million — and, specifically, healthcare companies including pathology labs — need to tell the Office of the Australian Information Commissioner (OAIC) about a data breach that is “likely to cause serious harm”.

The OAIC confirmed to ABC News that ACL’s subsidiary Medlab fits that definition, and the company’s website also notes that it is required to comply with the Privacy Act.

ACL confirmed to ABC News that it had notified the OAIC of the data breach in early July. That is, shortly after it was told data was on the dark web.

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Sydney domestic and international flights delayed due to air traffic control system fault | ABC News (Australia)

Sydney domestic and international flights delayed due to air traffic control system fault | ABC News (Australia)

September 25, 2017

Incident: NSW Medical Council finds out PDF redaction is hard, the hard way | The Register

Incident: NSW Medical Council finds out PDF redaction is hard, the hard way | The Register

January 17, 2016

Incident: NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH

Incident: NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH

January 22, 2019

Incident: Personal details of thousands of residents revealed by Melbourne council in data breach | ABC News (Australia)

Incident: Personal details of thousands of residents revealed by Melbourne council in data breach | ABC News (Australia)

November 11, 2016

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Miners’ data targeted as hackers hold software provider to ransom
Miners’ data targeted as hackers hold software provider to ransom

Dozens of Australian mining companies are scrambling to access their key technology systems after a major software supplier to the sector was … [...]

Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts
Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts

The company that runs Canvas has painted a target on its back for future extortion attempts by making a deal with hackers, according to cybersecurity … [...]

Exclusive: Hospitality IT provider allegedly breached by Qilin
Exclusive: Hospitality IT provider allegedly breached by Qilin

Threat actors have claimed a cyber attack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web. • Fri, 15 … [...]

ACCC welcomes another year of funding for the National Anti-Scam Centre
ACCC welcomes another year of funding for the National Anti-Scam Centre

The Australian consumer watchdog is pleased with the overall funding boost of $67.7 million over four years in the 2026–27 budget. • Thu, 14 May 2026 … [...]

Report: Business email compromise attacks surged dangerously in April
Report: Business email compromise attacks surged dangerously in April

BEC attacks rose 151 per cent month on month in April, with advanced fee and gift card fraud key drivers. • Thu, 14 May 2026 • Security *]:clear-none … [...]

Scope Systems confirms cyber incident, says no data loss occurred
Scope Systems confirms cyber incident, says no data loss occurred

Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. • … [...]

Instructure breach: ShinyHunters says ‘matter has been resolved’
Instructure breach: ShinyHunters says ‘matter has been resolved’

The hackers behind the global Canvas LMS breach have said they are no longer “seeking money” from any victim. • Wed, 13 May 2026 • … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading