NSW Health confirms data breached due to Accellion vulnerability

3 years ago 188
BOOK THIS SPACE FOR AD
ARTICLE AD

New South Wales Health has confirmed being impacted by a cyber attack involving the file transfer system owned by Accellion.  

The system was widely used to share and store files by organisations around the world, including NSW Health, the government entity said on Friday afternoon.

"Following the NSW government's advice earlier this year around a world-wide cyber attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber attack," it said in a statement.

The state entity said medical records in public hospitals were not affected and the software involved is no longer in use by NSW Health.

"Different types of information, including identity information and in some cases, health-related personal information, were included in the attack," it added.

NSW Health said it has been working with NSW Police and Cyber Security NSW and that to date, there is no evidence any of the information has been misused.

See also: How NSW Health used tech to respond to COVID-19

"A cyber incident help line has been set up to provide further information and support to those people NSW Health is contacting," it said. "If you are contacted by NSW Health, you will be given the cyber incident help line details; if you are not contacted by NSW Health, no action is required."

The NSW Police Force and Cyber Security NSW have set up Strike Force Martine to determine the impact on NSW government agencies that were caught up in the attack on Accellion.

Accellion's file-sharing program, File Transfer Appliance, is an enterprise product used to transfer large files. While now discontinued and supplanted by other software such as Kiteworks, a zero-day vulnerability in the legacy software was found in December and has since been exploited by attackers in the wild. 

It is estimated that some 100 organisations around the world were among those affected by the breach.

Transport for NSW in February confirmed being caught up in the breach.

The Australian Securities and Investments Commission (ASIC) in January said one of its servers was breached earlier in the month in relation to Accellion software used by the agency to transfer files and attachments.

Accellion was also used as the vector to breach the Reserve Bank of New Zealand (RBNZ) in January.

HERE'S MORE

NSW cyber strategy demands government lead by exampleNSW readies its own data breach notification scheme for state agenciesTransport for NSW confirms data taken in Accellion breachNSW government sets up cyber and privacy resilience group to keep customer data safeNSW pledges AU$60m to create cyber 'army'Service NSW expecting cyber attack to set it back AU$7m in legal and investigation costs
Read Entire Article