Medlab Pathology under investigation by OAIC

The Office of the Australian Information Commissioner (OAIC) has launched an investigation into Medlab Pathology over a data breach it suffered at the beginning of 2022.

Daniel Croft
Tue, 06 Dec 2022

Joining Medibank and Optus in being investigated by the OAIC, Medlab Pathology announced in October that it had been hit by a data breach in February that affected 223,000 individuals.

Australian Clinical Labs (ACL), which owns Medlab Pathology, said that the company “became aware of an unauthorised third-party access to its IT system in February 2022”.

Medlab Pathology told ACL of the breach in June. The latter has stated that it had taken the forensic analysts and experts until now to determine the individuals and the nature of their information involved.


The breach exposed the details of credit cards, Medicare cards and pathology test results, along with the individual names connected to each.

Like the investigations into Optus and Medibank, the OAIC is investigating the pathology company’s personal information protection practices and its level of compliance with Australian privacy standards.

Angelene Falk, Australian information commissioner and privacy commissioner, has said that the long time between the breach in February and the notification in October will be looked at during the investigation.

“As the risk of serious harm to individuals can increase over time, a key focus for the OAIC is the time taken by entities to identify, assess and notify the office and affected individuals of data breaches,” said Falk.

“Organisations must also be proactive in minimising the risk of data breaches by putting in place reasonable security steps.”

If the OAIC finds that Medlab Pathology failed to properly secure customer information, it could file federal court proceedings and the pathology company could face fines of up to $2.2 million.

The government recently approved legislation to increase the fine to $50 million, 30 per cent of adjusted turnover for the period, or three times the financial gain from the misuse of data, in the case of outstandingly shocking breaches.

As Medlab Pathology’s breach occurred prior to these amendments, it will only face the $2.2 million maximum fine.

Daniel Croft


Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of, and experience writing in, the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
