A pathologist at work. Lisa Maree Williams/Getty Images
The parent company of a pathology laboratory has been ordered to pay $5.8 million in civil penalties for inadequately protecting patient data, in the first case brought under the Commonwealth Privacy Act.
The Federal Court found that Australian Clinical Labs (ACL) breached privacy law after a cyberattack on its Medlab Pathology business in 2022 led to the unauthorised access and theft of personal information belonging to more than 223,000 people.
