Accellion software cyber attack - Frequently asked questions

On this page

What is Accellion FTA and how does it involve NSW Health?

Accellion, Inc. is an American-based technology company and developer of the file sharing service ‘Accellion FTA’, which was compromised in a sophisticated cyber-attack from mid-December through to January 2021.

NSW Health was one of more than 100 Accellion clients worldwide (in government, finance, legal, retail, education, telecommunications, healthcare and manufacturing) that sustained data breaches as a result.

How do I know if I been affected?

You will be contacted by NSW Health directly.

NSW Health has been working with NSW Police and Cyber Security NSW over many months to identify patients and staff whose information may have been caught up in the cyber-attack on the software provider.

This has been a complex and time-consuming process to forensically search through NSW Health information.

What information was taken and has it been used?

To date, authorities have found no evidence any of the captured information has been misused however, specialist advice will be offered to those affected to help safeguard their personal details.

Different types of information, including identity information and in some cases, health-related personal information, were included in the attack.

However, there was no third-party access to electronic medical records systems used by public hospitals, and public hospital patient records and hospital operating systems remain secure.

Is NSW Health still using this software?

No. NSW Health has removed and no longer uses the FTA system.

Who can people contact if they’re unsure whether or not an approach is genuine?

Regardless of whether you are affected by the data breach, Cyber Security NSW recommends that all NSW residents take steps to protect their personal information in the following ways:

  • Wherever possible implement multi-factor authentication on online accounts e.g. get an additional code sent to your phone by SMS before you can log into your account.
  • Never respond to unsolicited phone calls, emails or text messages.
  • Scammers impersonate government and business to convince people to take action, often urgently. If you aren’t sure, do your own research and make contact using publicly listed contact details for the organisation
  • Ensure anti-virus software is installed on all online devices and updated regularly.

Anyone who receives a call from someone asking for personal or health data, and doubts the communication is genuine, should contact the relevant government agency using publicly listed details. There are more resources available at IDCARE.org, including tips for keeping your identity safe when online.

Current as at: Friday 28 May 2021
Contact page owner: NSW Health