NSW Health admits patient data was breached in Accellion attack

It warned that 'identity information' and 'health-related personal information' were both accessed

The New South Wales Ministry of Health (NSW Health) has admitted that it was impacted by the global Accellion cyber attack earlier this year and is notifying patients whose data may have been accessed as a result. 

It warned that 'identity information' and 'health-related personal information' were both accessed in the attack, although medical records in public hospitals were not affected and the software involved is no longer in use by the organisation.

NSW Health added that it has been working with NSW Police and Cyber Security NSW and has found no evidence any of the information has been misused. 

"The privacy of individuals is of the utmost importance to NSW Health, and we are making impacted people aware of the attack so that they can take appropriate precautions and access our support services," said an NSW Health spokesperson.

A Cyber Incident helpline has been set up to provide information and support to those that the organisation is contacting. 

Furthermore, Strike Force Martine, set up by NSW Police and Cyber Security NSW, has been investigating the impact on NSW Government agencies that were caught up in the cyber attack in January on the US-based software provider.

IT Pro has asked NSW Health how many people were affected in this data breach.

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

Around 100 organisations across the globe were affected by the Accellion hack, including global corporations, financial institutions, government departments, hospitals, and universities. Within this group, the company said that fewer than 25 appeared to have suffered significant data theft.

In February, hackers exploited several zero-day flaws in a legacy IT product developed by Accellion to attack several dozen groups, including Canadian airline manufacturer Bombardier. A portion of the organisation's data was compromised as an unauthorised attacker exploited vulnerabilities in Accellion's File Transfer Application (FTA) product. This data included confidential data relating to around 130 employees in Costa Rica, as well as customers and suppliers. 

Featured Resources

The challenge of securing the remote working employee

The IT Pro Guide to Sase and successful digital transformation

Free Download

VMware Cloud workload migration tools

Cloud migration types, phases, and strategies

Free download

Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions

IDC PeerScape

Free Download

Container network security guide for dummies

Enforcing Kubernetes best practices

Free download

Recommended

Yahoo Japan will pay for staff flights to the office under new remote working policy
flexible working

Yahoo Japan will pay for staff flights to the office under new remote working policy

14 Jan 2022
Singapore to resume construction on new data centres following energy efficiency review
data centres

Singapore to resume construction on new data centres following energy efficiency review

14 Jan 2022
China to accelerate construction of national integrated big data centre system
Policy & legislation

China to accelerate construction of national integrated big data centre system

12 Jan 2022
IBM ramps up sustainability efforts with Envizi acquisition
Business strategy

IBM ramps up sustainability efforts with Envizi acquisition

12 Jan 2022

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022