TissuPath, a specialist pathology firm in Australia, has experienced a data breach due to a cyber security incident. The breach involved a third-party supplier attack, accessing pathology referral records kept in a backup storage drive.
ID Support NSW, along with NSW and Commonwealth agencies, are working to support TissuPath to understand the extent and impact of the breach.
The Australian Government has been made aware that TissuPath, a specialist pathology firm, has experienced a data breach following a cyber security incident.
ID Support NSW is in contact with TissuPath, the National Cyber Security Coordinator, and relevant NSW and Commonwealth agencies to understand and assess the data that has been affected and manage the potential consequences of the data being published and the impact on individuals.
Details of the breach:
TissuPath Pathology Pty Ltd (TissuPath) released a statement on 24 August 2023, saying that it had experienced a cyber security incident.
Threat actors accessed pathology records by attacking a third-party suppliers' storage drive.
What has been impacted:
The storage drive that was accessed contained records from 2011 to 2020 specific to pathology referrals for suspected cancer patients.
For regular updates on the types of information collected, stored and impacted please visit TissuPath Cybersecurity Incident updates at: https://www.tissupath.com.au/cybersecurity-incident.
What action has happened?
TissuPath identified the issue and contained the breach by disabling user access, disconnecting data from the impacted servers, and blocking third-party access while investigations proceed.
TissuPath has notified all primary referring doctors, informing them of the security incident.
Government agencies notified and providing guidance and assistance:
- The Australian Signals Directorate's Australian Cyber Security Centre (ACSC)
- The Department of Health and Aged Care
- Office of the Australian Information Commissioner (OAIC)
- NSW and Victorian government agencies
What should you do?
Be alert for scams. Scammers may try to take advantage of this incident and claim to be from TissuPath, or a government agency, including NSW Health. Exercise caution if you receive an email, letter, phone call, or text message in relation to this breach.
If you believe this incident could have an impact on you.
- Look out for any suspicious activity across all online accounts.
- Report any suspicious activities or transactions in your bank account immediately to your financial institution.
- Do not click on any links in any email or SMS claiming to be from TissuPath.
- If someone calls claiming to be a representative of TissuPath and offers help with the reported data breach, it is highly likely to be a scammer trying to obtain further personal information. Do not provide any personal information; hang up and make your own enquiries independent of the details provided by the caller.
- Do not click on any links that look suspicious.
- Do not relay your password to anyone or allow remote access to your device.
We've outlined some precautions you can take to protect yourself online while the investigation is ongoing;
- Steps to restore your breached identification documents
- Check and safeguard your online accounts
- Steps to secure your device
We can help.
We can help you restore and protect your identity in the event of unauthorised access to your personal information. ID Support Advisors provide one on one support to guide you through the process of safeguarding your personal information, accounts, and devices.