A cybersecurity incident has potentially exposed ten years’ worth of pathology referral letters at TissuPath, a pathology clinic in Victoria. Alongside this, real estate firm Barry Plant and owners corporation management company Strata Plan have also experienced potential incidents, according to national cybersecurity coordinator Darren Goldie.
TissuPath is currently investigating the breach and has apologized to affected patients. The data that may have been exposed includes scanned pathology request forms containing patient names, dates of birth, contact details, Medicare numbers, and private health insurance details. However, TissuPath has clarified that its main database and reporting system storing patient diagnoses remain uncompromised. The data breach has been associated with the ransomware gang ALPHV, although Goldie has refrained from attributing the attack.
TissuPath has sent notification letters to primary referring doctors and is in the process of contacting affected individuals. The Australian Cyber Security Centre (ACSC) is offering technical advice and assistance, and TissuPath has also informed the Office of the Australian Information Commissioner. The breach was initially reported by Cyber Security Connect, with TissuPath subsequently confirming the timeline. The incident began on 24 August after a third-party supplier was targeted, allowing access to a storage drive.
Additionally, Barry Plant’s Blackburn office in Melbourne experienced a cyber incident involving an external service provider, but the Barry Plant Group’s systems were unaffected. Strata Plan has said that its data may have been impacted by a cyber attack against a third-party service provider, and an investigation is currently underway with the support of cybersecurity experts. The ALPHV group was previously associated with the hack of Australian law firm HWL Ebsworth in April.