Quantum Radiology recovers majority of data encrypted in the 2023 cyber attack

Quantum Radiology, a prominent radiology clinic in Sydney, has successfully decrypted most patient records following a significant cyber attack last year. In a recent update on its website, the clinic detailed its recovery efforts and outlined potential risks to personal information.

After decrypting its main IT systems, Quantum Radiology analyzed the potentially impacted data, identifying that Medicare, Centrelink, and possibly Veteran card information could be at risk. The clinic assured that if any of these details provided before the cyber incident remain current and unexpired, affected individuals would be contacted by mail by July 31, 2024, with guidance on safeguarding their personal information.

Quantum Radiology clarified that it does not collect or store credit card data or scanned copies of identity cards such as Medicare, Centrelink, or Veteran cards. Importantly, the clinic confirmed that no My Health Record data was compromised in the attack, and no evidence suggests any data was posted on the dark web.

The cyber attack, which came to light on November 22, 2023, led to significant disruptions. Without further explanation, customers were met with signs at the clinic’s 10 locations indicating IT system outages and appointment cancellations. This prompted frustration among patients without access to their medical results and scans, leading to delays in subsequent medical appointments.

In December, Quantum Radiology publicly acknowledged the cyber incident, revealing that an unauthorized third party had accessed its IT systems and encrypted their contents. Immediate actions were taken to contain the incident, and forensic specialists were engaged to investigate the breach. Relevant Australian government authorities and the police were also notified.

Despite the official confirmation of the cyber attack, internal communications instructed staff to describe the incident to patients as an “operational IT issue” to avoid confusion and unnecessary concern. This approach aimed to maintain a consistent message across all patient interactions. Notably, Quantum Radiology faced criticism for its initial handling of the situation, with media reports highlighting the lack of transparency.