Quantum Radiology, a diagnostics firm based in Sydney, recently fell victim to a cyber attack orchestrated by a criminal group. The breach, which occurred on November 22nd, 2023, involved the theft of sensitive content followed by the encryption of information. Initially, the management attributed the disruption to a configuration error, reassuring staff that the website would be back online shortly.
However, emerging details now reveal that the Imaging and Diagnostics provider, operating 10 clinics across Sydney, was specifically targeted in a sophisticated ransomware attack. The criminals pilfered critical information such as Medicare numbers, identity-related details, image scans, and other radiology reports.
In an unusual turn of events, the company chose to inform medical practitioners about the breach through digital notifications but expressly instructed them to withhold information about the specific ransomware variant from the affected patients.
Contrary to global cybersecurity standards, which mandate that businesses notify impacted customers within 72 hours of a security incident, Australia, following the 2022 cyber attacks on its national infrastructure, has implemented stringent measures to ensure compliance.
Adding a layer of complexity to the situation, impacted patients are now receiving threatening phone calls from the cybercriminals responsible. These malicious actors are demanding compliance with their demands, threatening to expose the victims’ medical history on the dark web if ignored.
Australia, under the leadership of Anthony Albanese, has enacted robust cyber laws empowering data watchdogs to penalize firms lacking basic cybersecurity measures and the ability to safeguard user data. Quantum Radiology may soon find itself facing legal prosecution if found in violation of these cyber laws.