Australian New South Wales (NSW) Health has confirmed that data was breached due to the Accellion vulnerability.
New South Wales Health has confirmed that it was affected by a cyberattack that exploited flaws in Accellion’s file transfer system.
The NSW government has started notifying people about that their data was affected by the global Accellion cyber attack:
“Following the NSW government’s advice earlier this year around a world-wide cyber attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber attack,” it said in a statement.
The attack did not affect the records of public hospitals, according to the state entity. It said the affected software was no longer used by the department.
“Different types of information, including identity information and in some cases, health-related personal information, were included in the attack.”
A joint investigation with NSW Police and Cyber Security NSW surfaced no evidence that the information has been misused.
A cyber incident help line has been established to support people who have been impacted.
“A cyber incident help line has been set up to provide further information and support to those people NSW Health is contacting,” it said. “If you are contacted by NSW Health, you will be given the cyber incident help line details; if you are not contacted by NSW Health, no action is required.”
Strike Force Martine has been set up to investigate the impact of the Accellion attack on NSW government agencies.
Accellion’s File Transfer Appliance has been discontinued. A zero-day vulnerability in the software exploited by attackers was discovered in December 2020. Around 100 organizations globally were affected by the Accellion breach. Some of them include the Australian Securities and Investment Commission, the Reserve Bank of New Zealand (RBNZ), and the Transport for NSW.