Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people.
ACL is an Australian healthcare company that operates 89 laboratories and performs six million tests annually, offering its services to 92 private and public hospitals across Australia.
While the firm says it’s not aware of any misuse of the stolen information, it is notifying all impacted clients individually of what data was exposed in the attack.
A data breach incident notification published today gives the following summary of leaked data:
- 128,608 Medicare numbers, along with full names.
- 28,286 credit card numbers, 12% of which include CVV code, and 55% expired.
- 17,539 individual medical and health records associated with pathology tests.
Australia’s Cyber Security Center (ACSC) and the Office of the Information Commissioner (OAIC) have already been notified about the incident earlier in the year, with ACSC initially warning MedLab that hackers posted their data to the dark web.
All impacted individuals will also be offered free-of-charge credit monitoring and identity theft protection services, while ACL will cover the costs of ID document replacements where needed.
