Medlab Pathology Breach Affects 223,000 Australians
Medical Records and Credit Card Details of Patients Compromised
Information about individual disease diagnoses, payment cards and national insurance cards is among the data stolen by hackers from Australian company Medlab Pathology.
Parent company Australian Clinical Labs disclosed the breach on Thursday, saying that it involved the personal information of approximately 223,000 people.
"To date, there is no evidence of misuse of any of the information or any demand made of Medlab or ACL," the company says. About 60% of the affected individuals had their Medicare number and name released. About 12% had credit card numbers exposed and about 8% are set to find out that medical records associated with a pathology test were posted online.
The testing giant - it describes itself as one of Australia's largest privately owned independent pathology practices - says it will directly contact individuals affected by the breach.
Australian cybersecurity authorities informed the company in June that the stolen data was available for download on the dark web, Australian Clinical Labs says. The ransomware-as-a-service group behind Quantum malware took credit on its leak site for the breach in June by posting an 86-gigabyte file. The group is an offshoot of Conti, which claims to have dissolved in May (see: After Conti Ransomware Brand Retires, Spinoffs Carry On).
Under the timeline released by the company, it detected unauthorized access in February but didn't find evidence at that time that information had been compromised. The Australian Cyber Security Center contacted the diagnostic company in March to say it believed a ransomware attack had occurred.
Australian Clinical Labs attributes the gap between detection of its data on the dark web and public disclosure to the "highly complex and unstructured nature of the data set being investigated," which required experts "until now to determine the individuals and the nature of their information involved."
Individuals affected in the data breach are located mainly in New South Wales and Queensland.
The compromised server that led to the data theft has been "decommissioned and is no longer in use," the company says. Its other systems and databases remain unaffected, the company says.
The breach adds to a recent spate of cyber incidents suffered by Australian businesses. Medibank, Australia's largest private health insurer, was compromised a few weeks after telecommunications giant Optus suffered a breach affecting approximately 10 million customers. Although the attacks seem to be part of a series, all they likely have in common is hackers attempting to exploit poor cybersecurity practices for money (see: Australia's Data Breach Wave: Workaday Cybercrime).
With reporting from ISMG's Jeremy Kirk in Australia.