Medical Records and Credit Card Details of Patients Compromised
Information about individual disease diagnoses, payment cards and national insurance cards is among the data stolen by hackers from Australian Medlab Pathology.
Parent company Australian Clinical Labs disclosed the breach on Thursday, saying that the personal information of approximately 223,000 people was caught up in the breach.
“To date, there is no evidence of misuse of any of the information or any demand made of Medlab or ACL,” the company says. About 60 percent of the affected individuals had their Medicare number and name released. About 12 percent had credit card numbers exposed while about 8 percent are set to find out that medical records associated with a pathology test were posted online.
The testing giant – it describes itself as one of Australia’s largest, privately owned independent pathology practices – says it will directly contact individuals affected by the breach.
Australian cybersecurity authorities informed the company in June that the stolen data was available for download on the dark web, Australian Clinical Labs says. The ransomware-as-a-service group behind Quantum malware took credit on its leak site for the breach in June by posting an 86-gigabyte file. The group is an offshoot of Conti, which claims to have dissolved itself in May (see: After Conti Ransomware Brand Retires, Spinoffs Carry On).
Under the timeline released by the company, it detected unauthorized access in February but didn’t find evidence at the time that information had been compromised. The Australian Cyber Security Centre contacted the diagnostic company in March to say it believed a ransomware attack had occurred.
Australian Clinical Labs attributes the gap between detection of its data on the dark web and public disclosure to the “highly complex and unstructured nature of the data-set being investigated,” which required experts “until now to determine the individuals and the nature of their information involved.”
Individuals impacted in the data breach are mainly in New South Wales and Queensland.
The compromised server that led to the data theft has been “de-commissioned and is no longer in use,” the company says. Its other systems and databases remain unaffected, the company says.
The breach adds to a recent spate of cyber incidents felt by Australian businesses. Medibank, Australia’s largest private health insurer, was compromised a few weeks after telecommunications giant Optus suffered a breach affecting approximately 10 million customers. Although the attacks are seemingly part of a series, all they likely have in common is hackers attempting to exploit poor cybersecurity for money (see: Australia’s Data Breach Wave: Workaday Cybercrime).
With reporting from ISMG’s Jeremy Kirk in Australia.