Medlab Pathology caught up in cyber incident targeting 223,000 patients and staff

Medlab Pathology caught up in cyber incident targeting 223,000 patients and staff

Australian Clinical Labs (ASX: ACL) owned Medlab Pathology has joined a growing list of companies impacted by cyber attacks after revealing a data breach has affected the health records and credit card information of almost 223,000 people, leading to an 11.6 per cent plunge in the parent company's share price in morning trading. 

The news comes a day after private health insurer Medibank (ASX: MPL) confirmed hackers accessed data for its entire customer base, as well as information about its ahm and international student clientele. Shares tumbled 18 per cent to $2.87 each off the back of the announcement, wiping approximately $1.75 billion in market value.

Medlab revealed its breach included 17,539 medical and health records associated with a pathology test, 28,286 credit card numbers and names (of which 15,724 were expired), and 128,608 Medicare numbers. The majority of the customers impacted were from NSW and Queensland.

The company notes that there is currently no evidence of misuse of any of the information or any demand made of Medlab or ACL. The compromised server has been decommissioned and ACL’s broader systems and databases have not been affected by the incident.

“On behalf of Medlab, we apologise sincerely and deeply regret that this incident occurred. We recognise the concern and inconvenience this incident may cause those who have used Medlab’s services and have taken steps to identify individuals affected,” ACL CEO Melinda McGrath said.

“We are in the process of providing tailored notifications to the individuals involved. We want to assure all individuals involved that ACL is committed to providing every reasonable support to them. We will continue to work with the relevant authorities.”  

The unauthorised third-party access to Medlab’s IT systems was brought to the company’s attention eight months ago, which led to the commission of a forensic investigation by independent external cyber experts. At the time, forensic specialists did not find any evidence the information had been comprised.

In June of this year, the Australian Cyber Security Centre (ACSC) approached ACL to inform the group that Medlab information had been posted on the dark web, which ACL took immediate steps to find, download and permanently remove.

Following advice from privacy and legal specialists in cyber matters, ACL implemented a program to uncover what information was hacked and which individuals could be at risk of serious harm as a result of the incident. Due to the highly complex nature of the data set, it has taken forensic analysts and experts until now to ascertain the extent of the breach.

From today, ACL will directly contact impacted patients and staff via email and postal mail to provide them with information about the incident, how it affects them and additional steps that can be taken to protect their information.

ACL has established a dedicated inbound response team in relation to the cyber attack and is also offering free-of-charge credit monitoring or ID document replacement for people who may be at risk of credit or identity fraud. The pathology giant is also working alongside federal and state government authorities.

The incident has been reported to both ACSC and the Office of the Australian Information Commissioner (OAIC).

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

Deliver on sustainable business promises with Modern Group’s WincovER rating
Partner Content
As a business owner, you’ll know that sustainability is a core part of developing...
Modern Group
Advertisement

Related Stories

Engineering powerhouse enstruct to be acquired by Canada's WSP

Engineering powerhouse enstruct to be acquired by Canada's WSP

An Australian structural and civil engineering company with a proli...

Healius appoints new CEO, sells Montserrat Day Hospitals for $139m

Healius appoints new CEO, sells Montserrat Day Hospitals for $139m

Healius (ASX: HLS) has today announced Maxine Jaquet will become th...

BlueScope Steel and former GM found guilty of cartel conduct

BlueScope Steel and former GM found guilty of cartel conduct

The Federal Court has found BlueScope Steel (ASX: BSL) and its...

Queensland doubles down on The Star with $100m fine and on-hold licence suspension

Queensland doubles down on The Star with $100m fine and on-hold licence suspension

The Star Entertainment Group (ASX: SGR) has been hit with a $1...