Cyber Incident Victim: Quantum Radiology
Date:
Oct 2023
Location:
Australia
Summary
A radiology clinic in western Sydney with multiple locations suffered a cyberattack, forcing a temporary shutdown of all operations and leaving patients without access to scans or medical results. Appointments were canceled without initial disclosure of the breach, with affected individuals informed only of an "unforeseen IT issue" while the business engaged law enforcement and cybersecurity experts. The incident's impact included prolonged service disruptions and uncertainty regarding potential compromise of personal medical information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Quantum Radiology, a radiology provider operating 10 practices across Sydney, experienced a disruptive cyberattack in late October 2023 that forced the temporary closure of all its facilities. The incident began impacting operations by at least Thursday, October 26, when clinics ceased functioning, though patients initially received no explicit notification about the nature of the disruption. Customers like David Montgomery reported having appointments abruptly canceled without detailed explanations, with Quantum Radiology attributing service interruptions only to an "unforeseen IT issue" in communications to affected individuals. For eight consecutive days following the initial closure, patients remained unaware their medical provider had suffered a cybersecurity breach, creating confusion and frustration among those needing access to diagnostic services. The organization eventually confirmed the cyberattack through a statement to 9News on November 1, revealing it had engaged law enforcement and cybersecurity professionals to manage the incident.
The attack caused significant operational paralysis, preventing hundreds of patients from accessing critical medical scans and test results during the closure period. Quantum Radiology's failure to promptly disclose the cyber incident left patients like Montgomery uninformed about both the reason for service disruptions and potential risks to their personal health information. While the company worked with police and cybersecurity experts to contain the breach, the public statement provided no confirmation about whether attackers compromised sensitive medical records or imaging studies during the intrusion. The prolonged shutdown of all 10 clinics created cascading healthcare delays, as patients could neither undergo scheduled imaging procedures nor retrieve existing results for ongoing medical care. Quantum Radiology's communication approach drew criticism for prioritizing vague operational explanations over transparent disclosure of the cybersecurity incident to affected individuals.