Frontier Software breach spreads to NSW Health

Ministry of Health staff impacted.

NSW Health is the latest organisation to learn that it had data leaked in the Frontier Software data breach.

In a recent FAQ posted to its website, NSW Health said the breach impacted staff or former staff who were “employed by the Ministry of Health, as a senior executive of NSW Health, or in the Mental Health Review Tribunal, Health Professional Councils Authority, Official Visitors Program, Health Infrastructure, and the previous NSW Institute of Psychiatry between 2001 and 2015”.

The data affected by the breach may include name, residential address and telephone, date of birth, tax file number, BSB and financial institution (bank) account number.

“NSW Health has been advised by Frontier Software that payroll information of around 1600 former and current staff employed within the Ministry of Health, or whose payroll was processed by the Ministry of Health, between 2001 and 2015 was included in the Frontier Software cyber-attack at the end of 2021 and was subject to a data breach,” a NSW Health spokesperson told iTnews.

“Frontier Software has advised NSW Health that it took immediate steps to prevent 
the data from being leaked, and that the data is no longer accessible to unauthorised 
parties now, or in the future.”

NSW Health told iTnews it carried out extensive work with Frontier Software’s external cyber advisers to identify those impacted.

“The breach has not affected any non-executive current staff or former staff, who have been employed exclusively through local health districts and public hospitals,” the spokesperson said.

“The incident did not involve any of NSW Health’s core systems, or impact on any patient information, health or hospital records.”

Health said affected individuals are being notified by email.

“NSW Health considers that there is a significantly reduced risk associated with this data breach to affected persons, but nevertheless, considered it important to contact affected individuals,” the spokesperson told iTnews.

The ministry replaced Frontier Software with StaffLink in 2015.

Frontier Software is offering free IDCARE support to those who require it.

The ransomware attack against Frontier Software took place in 2021, and in December of that year, the South Australian government revealed that as many as 80,000 of its employees may have been impacted.

In September 2022, the Indigenous Land and Sea Corporation and Workskil Australia both emerged as victims, and in November 2022, infrastructure business APA Group and agribusiness Viterra they too were affected.

Source –