NSW Health affected by Frontier Software security breach

NSW Health Data Breach: Payroll Information of Over 1,600 Staff Affected!

NSW Health has recently confirmed that it has become the latest organisation to suffer a data breach in the Frontier Software cyber-attack at the end of 2021. According to an FAQ posted on its website, the breach has impacted staff or former staff who were employed by the Ministry of Health, as a senior executive of NSW Health, or in the Mental Health Review Tribunal, Health Professional Councils Authority, Official Visitors Program, Health Infrastructure, and the previous NSW Institute of Psychiatry between 2001 and 2015.

The breach may have exposed sensitive personal information, including name, residential address and telephone, date of birth, tax file number, BSB, and bank account number. A spokesperson for NSW Health has stated that Frontier Software has advised them that it took immediate steps to prevent data from being leaked and that the data is no longer accessible to unauthorised parties now or in the future.

NSW Health has confirmed that it has carried out extensive work with Frontier Software’s external cyber advisers to identify those impacted. The spokesperson further stated that the breach did not affect any non-executive current staff or former staff who have been employed exclusively through local health districts and public hospitals. Moreover, the incident did not involve any of NSW Health’s core systems or impact on any patient information, health or hospital records.

Affected individuals are being notified by email, and NSW Health considers that there is a significantly reduced risk associated with this data breach to affected persons. However, it still deemed it important to contact affected individuals. The ministry replaced Frontier Software with StaffLink in 2015.

Frontier Software is offering free IDCARE support to those who require it. The ransomware attack against Frontier Software took place in 2021, and in December of that year, the South Australian government revealed that as many as 80,000 of its employees may have been impacted. In September 2022, the Indigenous Land and Sea Corporation and Workskil Australia both emerged as victims. In November 2022, infrastructure business APA Group and agribusiness Viterra also confirmed they were affected by the data breach.