In November 2021, an unauthorised third party accessed data from Frontier Software, a payroll software provider. The data included personal information from a payroll system previously used by NSW Health.
Around 1600 former and current employees of the Ministry of Health or whose payroll was processed by the Ministry of Health have been impacted by the cyber-attack.
Medical records in public hospitals were not affected and the software involved is no longer in use by NSW Health.
Frontier informed NSW Health that they took immediate steps to prevent any further access to the data, prevent it being published on the dark web, and to protect against it being misused either now or in the future. Ongoing monitoring confirms that no data from the breach has been uploaded to the dark web.
The data breach impacted current and former staff who were employed from 2001 to 2015 at one of the following Health Entities:
Senior Executives at NSW Health were also impacted by the breach.
The breach does not affect any non-executive current or former staff who have been employed exclusively through local health districts and public hospitals.
Current employees who have been impacted will be personally notified. For former staff, you can find out if you were impacted by the breach by calling the dedicated NSW Health helpline 1300 679 367 (option 9).
Current and former staff who have been impacted by the data breach will be advised to call IDCARE. IDCARE is not-for-profit charity that connects the community to identity and cyber security case managers who listen and provide advice on how to respond to data breaches, scams, identity theft and cyber security concerns.
The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded. We acknowledge the seriousness of this incident and apologise for the distress that a data breach causes to the community.
For more information refer to Frontier Software cyber attack and data breach - Frequently asked questions.