Major pathology provider could be fined millions over hack response

The Australian Information Commissioner launched civil proceedings in the Federal Court of Australia.

Australian Clinical Labs could face millions of dollars in fines over a 2022 hack involving data on 200,000 patients.

Australian Information Commissioner Angelene Falk has launched court proceedings against the pathology company, which she alleges failed to take reasonable steps between May 2021 and September 2022 to prevent a cyber attack.  

The commissioner also alleges that Australian Clinical Labs (ACL) failed to report the February 2022 breach of its subsidiary Medlab “as soon as practical”.  

ACL revealed in October 2022 that data on 223,000 patients had been hacked, including 17,500 pathology records, 128,500 Medicare numbers and 28,000 credit card numbers, most of which had expired.