Australian Clinical Labs has accepted a proposed $5.8 million fine after a cyber attack in February 2022 lifted 17,500 pathology records and 128,500 Medicare numbers.

The Office of the Australian Information Commissioner had accused the company, one of Australia’s largest pathology providers, of taking inadequate steps to prevent the attack and waiting too long to notify authorities.

In October 2022, eight months after the security breach, Australian Clinical Labs (ACL) publicly revealed that data on 223,000 patients had been hacked from its recently acquired subsidiary, Medlab Pathology.

These included 17,500 pathology records, 128,500 Medicare numbers, and 28,000 credit card numbers — most of which were expired.