Pathology company Australian Clinical Labs (or ACL) has revealed it was hit by a cyber attack eight months ago, with the data of 223,000 people accessed and some of it posted to the dark web.
Hacked information included Medicare details, credit cards and pathology results
The publicly listed company said it first learned of the attack in February but originally believed no data was stolen.
ACL said the breach affected its subsidiary Medlab, and the data accessed included staff as well as patients.
Medlab Pathology is a business operating in NSW and Queensland that was acquired by ACL in late 2021.
ACL said the most concerning breaches included more than 17,000 individual medical and health records associated with a pathology test, and over 28,000 credit card numbers and individuals' names.
Although around half of the cards had expired, more than 3,000 had a CVV code attached.
"To date, there is no evidence of misuse of any of the information or any demand made of Medlab or ACL," the company stated.
ACL said it would start contacting impacted people this week, and that Medlab customers should monitor their email and postal mail in the coming weeks.
It has also set up a crisis hotline for people to call once they confirm they were impacted. The number is 1800 433 980.
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.