Incident: TissuPath data breach victim upset by delayed notification | ABC News (Australia)
Australian Pathology Ransomware Attack, 14 November 2023
Australian pathology company Tissupath, reported a ransomware attack at a third-party IT supplier, Core Desktop
About 130,000 victims of a data hack at pathology company TissuPath in August involving referrals issued between 2011 and 2020 was to blame
Company Media Release: 4 September 2023 MEDIA STATEMENT
Company Breach Information: Cybersecurity Incident Notice
NSW Government Data Beach Report: TissuPath data breach
Source: TissuPath data breach victim upset by delayed notification | ABC News (Australia)
View more incidents from Medical and Health Care sector, and Victorian incident reports.
This attack is one of the Australian Service Provider “Core Desktop” that was reportedly breached by the Russian cybercriminal group AlphV, which is also known as BlackCat, view the AlphV Australian Ransomware Attacks.
TissuPath, a specialist pathology firm in Australia, has experienced a data breach due to a cyber security incident. The breach involved a third-party supplier attack, accessing pathology referral records kept in a backup storage drive.
A woman named Lynda George was upset by the delayed notification of a data breach at a pathology company called TissuPath, which exposed her personal information to hackers.
The breach occurred in August 2021, when a third-party IT supplier was hacked by Russian cybercriminals, who demanded a ransom and posted the data on the dark web.
The data included scanned pathology request forms with information such as patient names, dates of birth, contact details, Medicare numbers and private health insurance details.
TissuPath said it was advised by federal government agents not to pay the ransom and notified the affected patients in November 2021, more than two months after the breach.
Ms George said she felt violated and exposed by the breach and wished she was told sooner. She said it felt like being robbed or having someone go through her wardrobe.
Academics said the mandatory reporting guidelines should require hacked businesses to notify victims as soon as possible and offer them support and protection.
