Australia reports another cyberattack incident following a security breach at the Australian Clinical Labs (ACL) that affected over 223,000 user accounts. According to the report, ACL’s Medlab Pathology business was breached by an unidentified entity that compromised its internal database.
Additionally, the ACL breach compromised over 17,500 individual health and medical records, over 28,000 financial data, customer information, and over 128,600 Medicare numbers.
The initial investigations of ACL on the security breach showed no signs of data misuse from the hackers.
The healthcare firm also shared that the threat actors who have hit their systems and stolen data have not demanded any monetary request or used the stolen data for malicious purposes. Moreover, the compromised Medlab server had been decommissioned as a part of the firm’s incident response. ACL’s broader systems were also said to be unaffected by the incident.
Based on the healthcare firm’s statement, they detected unauthorised third-party access to their IT systems last February. In the following month, the Australian Cyber Security Centre (ACSC) contacted them to notify them about being a victim of a ransomware incident and losing critical data to unknown threat actors.
ACL explained that the massive amount of impacted data caused them to have prolonged and extensive forensic investigation, allowing them to share the details of the attack’s nature and impact only recently. Last June, ACSC told the healthcare firm that the data stolen from their Medlab server had been posted on underground forums, which they immediately sought out and removed.
The Australian healthcare firm expressed its apologies to all affected customers. Moreover, they assured them that any assistance would be provided to those negatively affected by the security breach, asking them to report any suspicious activities that use their data.
Since September, several Australian firms have been victimised by threat actors and reported security breach incidents. These firms include Medibank, a health insurance giant, Optus telco, and the retail marketplace MyDeal. Collectively, the data breaches from these security incidents resulted in the compromise of millions of data of consumers.
