Medical records and payment card information of over 220,000 patients have been exposed in a data breach at pathology service provider Australian Clinical Labs (ACL), the company disclosed earlier this week.
In a letter to impacted customers, ACL said the breach occurred following a ransomware attack at one of its subsidiaries - Medlab Pathology.
A variety of sensitive data was exposed in the attack, including protected health information (PHI):
· Full names and Medicare numbers of 128,608 customers
· 28,286 credit card numbers, 55% of which were expired and 12% of which included CVV codes
· Medical records and pathology test records of 17,539 individuals
The Quantum threat group took credit for the cyberattack that occurred in February 2022 at Medlab Pathology. Stolen files containing 86GB of data were posted on the dark web on July 14 and, according to Bleeping Computer, the files also contain employee details, invoices and other private documents.
Although the hack took place over eight months ago, ACL disclosed that its forensic investigation at the time did not reveal data exfiltration. The company was notified of the data leak by the Australian Cyber Security Centre (ACSC).
“Medlab became aware of an unauthorised third-party access to its IT system in February 2022,” the data breach notice reads. “At the time, the external forensic specialists did not find any evidence that information had been compromised.”
The letter goes on to lay out the timeline of the investigation:
“In March, the company was contacted by the ACSC outlining that it had received intelligence that Medlab may have been the victim of a ransomware incident,” ACL added.
“The company responded to the request for information and confirmed that to its knowledge the company did not believe that any data had been compromised. In June, ACL was again approached by the ACSC, which informed ACL that it believed that Medlab information had been posted on the dark web. ACL took immediate steps to find and download this highly complex and unstructured data-set from the dark web and made efforts to permanently remove it.”
Although the company emphasized that it is not aware of any misuse of its customers' stolen personal information, all impacted individuals will receive complimentary access to identity theft protection services and coverage of all costs relating to replacing compromised ID documents.
Bitdefender offers state-of-the-art security and privacy plans that cater to all your digital needs, whether you’re looking for a solution to thwart identity theft or an easy way to manage your digital footprint and enhance your online safety.
With Bitdefender Ultimate Security plans (for the US only) you can protect your household devices with award-winning technologies that predict, prevent and remediate new and existing cyberthreats.
The all-in-one solution provides unlimited VPN traffic, a cross-platform Password Manager, and identity theft protection features including real-time fraud monitoring, data breach monitoring, credit report monitoring, fraud alerts, credit freeze and lost wallet assistance, as well as an insurance policy of up to $2 million, depending on your chosen plan.
If you need a handy tool to help you discover the extent of your digital footprint and avoid privacy threats including account takeovers due to a data breach or leak, check out Bitdefender Digital Identity Protection. The dedicated service enhances your privacy with 24/7 data breach monitoring, a complete mapping of your online presence and an easy way to sniff out social media impersonators.
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.