Medlab Pathology under investigation by OAIC Cyber Daily
pBreaking news and updates daily Subscribe to our NewsletterppExplore ppSECTIONSppMOREppThe Office of the Australian Information Commissioner OAIC has launched an investigation of Medlab Pathology over a data breach it suffered from at the beginning of 2022pp
SHARE
ppShare this article onppJoining Medibank and Optus in being investigated by the OAIC Medlab Pathology announced in October that it had been hit by a data breach in February that affected 223000 individualsppAustralian Clinical Labs which own Medlab Pathology said that the company became aware of an unauthorised thirdparty access to its IT system in February 2022ppMedlab Pathology told ACL of the breach in June The latter has stated that it had taken the forensic analysts and experts until now to determine the individuals and the nature of their information involvedppThe breach saw the details of credit cards Medicare cards pathology test results and individual names connected to each all exposedppLike the investigations into Optus and Medibank the OAIC is investigating the pathology companys protection of personal information practices and the level of compliance with Australian privacy standardsppAngelene Falk Australian information commissioner and privacy commissioner has said that the long time between the breach in February and the notification in October will be looked at during the investigationppAs the risk of serious harm to individuals can increase over time a key focus for the OAIC is the time taken by entities to identify assess and notify the office and affected individuals of data breaches said FalkppOrganisations must also be proactive in minimising the risk of data breaches by putting in place reasonable security stepsppIf the OAIC finds that Medlab Pathology failed to properly secure customer information it could file federal court proceedings and the pathology company could face fines of up to 22 millionppThe government recently approved legislation to increase the fine to either 50 million 30 per cent of adjusted turnover for the period or three times the financial gain from the misuse of data in the case of outstandingly shocking breachesppAs Medlab Pathologys breach occurred prior to these amendments it will only face the 22 million maximum finepp
Not displayed publicly
Gravatar enabled
pp
Comments powered by CComment ppBe the first to hear the latest developments in the cyber industryp
SHARE
ppShare this article onppJoining Medibank and Optus in being investigated by the OAIC Medlab Pathology announced in October that it had been hit by a data breach in February that affected 223000 individualsppAustralian Clinical Labs which own Medlab Pathology said that the company became aware of an unauthorised thirdparty access to its IT system in February 2022ppMedlab Pathology told ACL of the breach in June The latter has stated that it had taken the forensic analysts and experts until now to determine the individuals and the nature of their information involvedppThe breach saw the details of credit cards Medicare cards pathology test results and individual names connected to each all exposedppLike the investigations into Optus and Medibank the OAIC is investigating the pathology companys protection of personal information practices and the level of compliance with Australian privacy standardsppAngelene Falk Australian information commissioner and privacy commissioner has said that the long time between the breach in February and the notification in October will be looked at during the investigationppAs the risk of serious harm to individuals can increase over time a key focus for the OAIC is the time taken by entities to identify assess and notify the office and affected individuals of data breaches said FalkppOrganisations must also be proactive in minimising the risk of data breaches by putting in place reasonable security stepsppIf the OAIC finds that Medlab Pathology failed to properly secure customer information it could file federal court proceedings and the pathology company could face fines of up to 22 millionppThe government recently approved legislation to increase the fine to either 50 million 30 per cent of adjusted turnover for the period or three times the financial gain from the misuse of data in the case of outstandingly shocking breachesppAs Medlab Pathologys breach occurred prior to these amendments it will only face the 22 million maximum finepp
Not displayed publicly
Gravatar enabled
pp
Comments powered by CComment ppBe the first to hear the latest developments in the cyber industryp
