Australian Clinical Labs, one of Australia's largest pathology providers said hackers stole medical data of thousands of patients, the country's second such breach in two weeks, deepening fears about how companies collect sensitive customer information.
The disclosure on Thursday sent shares of Australian
Clinical Labs to their lowest point since listing last year and extends a wave
of hacks that has shaken the country's biggest companies. A day earlier, the
country's top health insurer Medibank said criminals took data of all 4 million
of its customers.
ACL said it first knew of unauthorised access to the IT
system of its pathology unit, Medlab, in February and received advice that no
information was compromised. The government cybersecurity agency notified it in
June that its data had been posted on the Dark Web, a system of websites only
accessible through certain browsers.
The company said it then hired forensic analysts to study
the "complex and unstructured" dataset found there, learning that
223,000 patients' data had been exposed, including medical and health records
for about 18,000 people.
There was no ransom demand or evidence of misuse of the
data, but "we recognise the concern and inconvenience this incident may
cause those who have used Medlab's services and have taken steps to identify
individuals affected", ACL Chief Executive Officer Melinda McGrath said in
a statement.
Private equity firm Crescent Capital, which listed ACL in
2021 and holds 23 percent of its shares, declined to comment. Crescent sold
14.3 percent of the company in August, stock market filings show.
Outside of health providers, corporate Australia has been
bracing since September 22, when the country's second-largest telco, Singapore
Telecommunications-owned Optus, disclosed a breach of up to 10 million customer
accounts, equivalent to 40 percent of the country's population.
Top grocery chain Woolworths then revealed that the data of
millions of customers using its bargain shopping website had been compromised.
A raft of smaller and unlisted companies have also made breach notifications,
prompting lawyers to question the amount of data that private enterprises are
allowed to collect, and for how long. © Reuters
0 comments:
Post a Comment