TissuPath tangled in data breach by Russian hacker group | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

TissuPath on August 27 alerted patients about the breach.

A TissuPath spokesman said the company is “investigating a data breach at a third-party IT supplier”, and that the group had received a ransomware notice which was reported immediately to authorities. TPG declined to comment.

“Exposed data includes scanned pathology request forms with information that includes patient names, dates of birth, contact details, Medicare numbers, and private health insurance details,” the TissuPath spokesman said.

Robert Potter, co-chief executive of Australian cybersecurity firm Internet 2.0, said ALPHV is “amongst the most active and sophisticated Russia-based ransomware gangs”. “It is highly sensitive patient data which is being leaked by an institution which wants to be paid for their efforts to steal it,” Mr Potter said.

Australia has been fertile ground for hackers over the past two years with cybercriminals using data to try to extort businesses.

Legal firm HWL Ebsworth was targeted by BlackCat in April when its hackers published confidential client information online after Australia’s largest legal partnership refused to pay a ransom of $US4.6 million ($7.2 million).

High-profile targets Medibank and telecommunications provider Optus also declined to pay ransoms demanded by hackers.

While ALPHV, or BlackCat, is Russia-based, that does not necessarily mean the hacks originated in Russia. The gang runs a ransomware-as-a-service model, which allows affiliates to sign up to use its ransomware, payment infrastructure and leak sites when extorting companies.

TissuPath alerted the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, it said. Victoria Police, NSW Police and Home Affairs are also involved in the investigation.

The spokesman said that TissuPath’s main database and reporting system that stores patient diagnoses were not compromised. “Further, we do not store patient financial details and other personal information documents, such as driver’s licence numbers,” he said. “We are very sorry this has happened, and we sincerely apologise to our patients who may have been affected.”


Click Here For The Original Story From This Source.

National Cyber Security