But the Australian Cyber Security Centre, the government-led security organisation, contacted ACL in March, asking the healthcare company if it had been the victim of a ransomware incident. The ACSC said it had received intelligence that a breach had happened, but ACL said nothing had been compromised.
In June, the ACSC contacted ACL again and informed the company that Medlab information had been posted on the dark web.
Free credit monitoring
ACL said it took immediate steps to find and download the “highly complicated” and unstructured data-set from the dark web and “made efforts to permanently remove it”.
It has taken until now for ACL to determine the nature of the personal data stolen and whether any individuals could be at risk of serious harm from the hack.
ACL said it will begin directly contacting at-risk individuals by email and post, and had established an inbound response team.
It said it was working with federal and state government authorities to offer free credit monitoring or ID document replacement to affected people.
“On behalf of Medlab, we apologise sincerely and deeply regret that this incident occurred,” ACL chief executive Melinda McGrath said in a statement.
“We recognise the concern and inconvenience this incident may cause those who have used Medlab’s services and have taken steps to identify individuals affected. We are in the process of providing tailored notifications to the individuals involved.
“We want to assure all individuals involved that ACL is committed to providing every reasonable support to them. We will continue to work with the relevant authorities.”
Australian Clinical Labs is the No.3 player in the pathology market in Australia with a market capitalisation of $714 million.
Read More: news.google.com