DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Australian Clinical Labs says data of 223,000 people hacked

Posted on October 27, 2022 by Dissent

Australian Clinical Labs said on Thursday its Medlab Pathology business suffered a data breach that affected health records and credit card information of about 223,000 patients and staff.

This is the latest in a series of hacks to rock corporate Australia, after the country’s biggest health insurer Medibank and No. 2 telco Optus were also hit by breaches that compromised the data of millions of customers

Read more at Yahoo! 

The claims by the corporation do not make a great deal of sense.

The Medlab Pathology breach was announced by Quantum Blog, who added the incident to their leak site with a data of June 14, 2022.  The threat actors wound up leaking 86 GB of data for anyone who wants to download it. Yet as recently as October 27 in a website notice, ACL claims:

To date, there is no evidence of misuse of any of the information or any demand made of Medlab or ACL.

No demand? The extortionists stole data and never made any extortion demand? Seriously?  Given  ACL’s repeated failures to detect the breach, can we have any confidence in their claim? Consider the timeline ACL provides in their statement:

Medlab became aware of an unauthorised third-party access to its IT system in February 2022. ACL immediately coordinated a forensic investigation led by independent external cyber experts into the Medlab incident. At the time, the external forensic specialists did not find any evidence that information had been compromised.

In March, the company was contacted by the ACSC outlining that it had received intelligence that Medlab may have been the victim of a ransomware incident. The company responded to the request for information and confirmed that to its knowledge the company did not believe that any data had been compromised.

In June, ACL was again approached by the ACSC, which informed ACL that it believed that Medlab information had been posted on the dark web. ACL took immediate steps to find and download this highly complex and unstructured data-set from the dark web and made efforts to permanently remove it.

They apparently were unable to get it removed, as the data are still available for download as of time of this publication. And yet they claim there was no ransom demand?

DataBreaches sent inquiries to both Medlab and Quantum, but has received no replies as yet.

 

Related Posts:

  • Australian Clinical Labs to face court over 2022 data breach
  • Paying off hackers is common, says top Australian…
  • AU: Medibank's latest update reveals more woes; My…
  • Pathology Lab Has Most of Patient’s Data Breach…
  • Australia's Medibank reports cyber incident, shares…

Post navigation

← HIPAA Security Rule Security Incident Procedures
PA: Data breach notification legislation heads to Gov. Wolf →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company
  • ID Theft Service Resold Access to USInfoSearch Data
  • Okta admits hackers accessed data on all customers during recent breach
  • Hackers breach Israel intelligence group’s website
  • Queensland passes mandatory data breach notice laws
  • A cyberattack hit thousands of people in Louisiana. They’re still in the dark months later. (1)
  • KidSecurity’s user data compromised after app failed to set password
  • Hacker breaks silence following a decade behind bars in Cybernews documentary

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net