DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Australian Clinical Labs says data of 223,000 people hacked

Posted on October 27, 2022 by Dissent

Australian Clinical Labs said on Thursday its Medlab Pathology business suffered a data breach that affected health records and credit card information of about 223,000 patients and staff.

This is the latest in a series of hacks to rock corporate Australia, after the country’s biggest health insurer Medibank and No. 2 telco Optus were also hit by breaches that compromised the data of millions of customers

Read more at Yahoo! 

The claims by the corporation do not make a great deal of sense.

The Medlab Pathology breach was announced by Quantum Blog, who added the incident to their leak site with a data of June 14, 2022.  The threat actors wound up leaking 86 GB of data for anyone who wants to download it. Yet as recently as October 27 in a website notice, ACL claims:

To date, there is no evidence of misuse of any of the information or any demand made of Medlab or ACL.

No demand? The extortionists stole data and never made any extortion demand? Seriously?  Given  ACL’s repeated failures to detect the breach, can we have any confidence in their claim? Consider the timeline ACL provides in their statement:

Medlab became aware of an unauthorised third-party access to its IT system in February 2022. ACL immediately coordinated a forensic investigation led by independent external cyber experts into the Medlab incident. At the time, the external forensic specialists did not find any evidence that information had been compromised.

In March, the company was contacted by the ACSC outlining that it had received intelligence that Medlab may have been the victim of a ransomware incident. The company responded to the request for information and confirmed that to its knowledge the company did not believe that any data had been compromised.

In June, ACL was again approached by the ACSC, which informed ACL that it believed that Medlab information had been posted on the dark web. ACL took immediate steps to find and download this highly complex and unstructured data-set from the dark web and made efforts to permanently remove it.

They apparently were unable to get it removed, as the data are still available for download as of time of this publication. And yet they claim there was no ransom demand?

DataBreaches sent inquiries to both Medlab and Quantum, but has received no replies as yet.

 

Category: Breach IncidentsMalware

Post navigation

← HIPAA Security Rule Security Incident Procedures
PA: Data breach notification legislation heads to Gov. Wolf →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.