The New South Wales Ministry of Health (NSW Health) has confirmed that it was impacted by a cyberattack involving the Accellion file transfer system. The system was widely used to share and store files by organizations across the globe, including NSW Health.
NSW Health has been working with NSW Police and Cyber Security NSW and to date, and so far, there is no evidence any of the information has been misused. Strike Force Martine has been set up to determine the impact on NSW government agencies that were caught up in the attack on Accellion.
It is estimated that some 100 organizations across the globe were affected by the Accellion hack, including global corporations, financial institutions, government departments, hospitals, and universities. Within this group, the company said that fewer than 25 appeared to have suffered significant data theft.
"Following the NSW government's advice earlier this year around a worldwide cyber-attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber-attack. Different types of information, including identity information and in some cases, health-related personal information, were included in the attack," NSW Health spokesperson stated.
The local authorities said medical records in public hospitals were not stolen and the software involved is no longer in use by NSW Health.
“A cyber incident help line has been set up to provide further information and support to those people NSW Health is contacting. If you are contacted by NSW Health, you will be given the cyber incident help line details; if you are not contacted by NSW Health, no action is required. The privacy of individuals is of the utmost importance to NSW Health, and we are making impacted people aware of the attack so that they can take appropriate precautions and access our support services," the spokesperson added.
In April 2020, the NSW government suffered a cyberattack compromising the private records of 186,000 customers. After an investigation that lasted four months, Service NSW said it discovered that 738GB of data (over 3.8 million documents), was stolen from 47 staff email accounts.
The Australian Securities and Investments Commission (ASIC) confirmed in January that one of its servers was breached in relation to Accellion software used by the agency to transfer files and attachments.