2 min read

Data breach at Aussie pathology lab exposes PHI of over 220,000 customers

Alina BÎZGĂ

October 28, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data breach at Aussie pathology lab exposes PHI of over 220,000 customers

Medical records and payment card information of over 220,000 patients have been exposed in a data breach at pathology service provider Australian Clinical Labs (ACL), the company disclosed earlier this week.

In a letter to impacted customers, ACL said the breach occurred following a ransomware attack at one of its subsidiaries - Medlab Pathology.
A variety of sensitive data was exposed in the attack, including protected health information (PHI):
· Full names and Medicare numbers of 128,608 customers
· 28,286 credit card numbers, 55% of which were expired and 12% of which included CVV codes
· Medical records and pathology test records of 17,539 individuals


Quantum ransomware gang claims responsibility


The Quantum threat group took credit for the cyberattack that occurred in February 2022 at Medlab Pathology. Stolen files containing 86GB of data were posted on the dark web on July 14 and, according to Bleeping Computer, the files also contain employee details, invoices and other private documents.
Although the hack took place over eight months ago, the ACL disclosed that its forensic investigation did not reveal data exfiltration. The company was notified by the Australian Cybersecurity Centre of the data leak.


“Medlab became aware of an unauthorised third-party access to its IT system in February 2022,” the data breach notice reads. “At the time, the external forensic specialists did not find any evidence that information had been compromised.”


The letter continues to explore the timeline of the investigation:


“In March, the company was contacted by the ACSC outlining that it had received intelligence that Medlab may have been the victim of a ransomware incident,” ACL added.

“The company responded to the request for information and confirmed that to its knowledge the company did not believe that any data had been compromised. In June, ACL was again approached by the ACSC, which informed ACL that it believed that Medlab information had been posted on the dark web. ACL took immediate steps to find and download this highly complex and unstructured data-set from the dark web and made efforts to permanently remove it.”

Although the company emphasized that it’s not aware of any misuse of stolen personal information from its customers, all impacted individuals will receive complimentary access to identity theft protection services and coverage of all costs relating to replacing compromised ID documents.

Upgrading your defenses in the data breach pandemic

Bitdefender offers state-of-the-art security and privacy plans that cater to all your digital needs, whether you’re looking for a solution to thwart identity theft or an easy way to manage your digital footprint and enhance your online safety.

With Bitdefender Ultimate Security plans (for the US only) you can protect your household devices with award-winning technologies that predict, prevent and remediate new and existing cyberthreats.

The all-in-one solution provides unlimited VPN traffic, and the cross-platform Password Manager and identity theft protection features including real-time fraud monitoring, data breach monitoring, credit report monitoring, fraud alerts, credit freeze and lost wallet assistance, and an insurance policy of up to $2 million, depending on your chosen plan.

If you need a handy tool to help you discover the extent of your digital footprint and avoid privacy threats including account takeovers due to a data breach or leak, check out Bitdefender Digital Identity Protection. The dedicated service enhances your privacy with 24/7 data breach monitoring, a complete mapping of your online presence and an easy way to sniff out social media impersonators.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142 Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142
Vlad CONSTANTINESCU

November 25, 2022

1 min read
975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud 975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud
Filip TRUȚĂ

November 25, 2022

2 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read