2 min read

Data breach at Aussie pathology lab exposes PHI of over 220,000 customers

Alina BÎZGĂ

October 28, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data breach at Aussie pathology lab exposes PHI of over 220,000 customers

Medical records and payment card information of over 220,000 patients have been exposed in a data breach at pathology service provider Australian Clinical Labs (ACL), the company disclosed earlier this week.

In a letter to impacted customers, ACL said the breach occurred following a ransomware attack at one of its subsidiaries - Medlab Pathology.
A variety of sensitive data was exposed in the attack, including protected health information (PHI):
· Full names and Medicare numbers of 128,608 customers
· 28,286 credit card numbers, 55% of which were expired and 12% of which included CVV codes
· Medical records and pathology test records of 17,539 individuals


Quantum ransomware gang claims responsibility


The Quantum threat group took credit for the cyberattack that occurred in February 2022 at Medlab Pathology. Stolen files containing 86GB of data were posted on the dark web on July 14 and, according to Bleeping Computer, the files also contain employee details, invoices and other private documents.
Although the hack took place over eight months ago, the ACL disclosed that its forensic investigation did not reveal data exfiltration. The company was notified by the Australian Cybersecurity Centre of the data leak.


“Medlab became aware of an unauthorised third-party access to its IT system in February 2022,” the data breach notice reads. “At the time, the external forensic specialists did not find any evidence that information had been compromised.”


The letter continues to explore the timeline of the investigation:


“In March, the company was contacted by the ACSC outlining that it had received intelligence that Medlab may have been the victim of a ransomware incident,” ACL added.

“The company responded to the request for information and confirmed that to its knowledge the company did not believe that any data had been compromised. In June, ACL was again approached by the ACSC, which informed ACL that it believed that Medlab information had been posted on the dark web. ACL took immediate steps to find and download this highly complex and unstructured data-set from the dark web and made efforts to permanently remove it.”

Although the company emphasized that it’s not aware of any misuse of stolen personal information from its customers, all impacted individuals will receive complimentary access to identity theft protection services and coverage of all costs relating to replacing compromised ID documents.

Upgrading your defenses in the data breach pandemic

Bitdefender offers state-of-the-art security and privacy plans that cater to all your digital needs, whether you’re looking for a solution to thwart identity theft or an easy way to manage your digital footprint and enhance your online safety.

With Bitdefender Ultimate Security plans (for the US only) you can protect your household devices with award-winning technologies that predict, prevent and remediate new and existing cyberthreats.

The all-in-one solution provides unlimited VPN traffic, and the cross-platform Password Manager and identity theft protection features including real-time fraud monitoring, data breach monitoring, credit report monitoring, fraud alerts, credit freeze and lost wallet assistance, and an insurance policy of up to $2 million, depending on your chosen plan.

If you need a handy tool to help you discover the extent of your digital footprint and avoid privacy threats including account takeovers due to a data breach or leak, check out Bitdefender Digital Identity Protection. The dedicated service enhances your privacy with 24/7 data breach monitoring, a complete mapping of your online presence and an easy way to sniff out social media impersonators.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices
Filip TRUȚĂ

January 31, 2023

1 min read
Code-Signing Certificates Stolen in GitHub Breach Code-Signing Certificates Stolen in GitHub Breach
Vlad CONSTANTINESCU

January 31, 2023

1 min read
Latvia says Russian hackers tried to phish its Ministry of Defence Latvia says Russian hackers tried to phish its Ministry of Defence
Graham CLULEY

January 30, 2023

2 min read