NSW Health

NSW Health operates as the public health authority for the state of New South Wales, Australia, delivering a comprehensive range of health services and programs to the community. As a government entity, its mandate encompasses the management of public hospitals, community health services, and health policy implementation across the state. The organisation's digital infrastructure supports these critical functions, handling sensitive health information as part of its daily operations. In December 2020, NSW Health was notably impacted by a significant cybersecurity incident that exploited vulnerabilities in a third-party file transfer service. This event underscored the risks associated with legacy software used by government agencies for data exchange.

The cyberattack targeted the Accellion File Transfer Appliance, a legacy system used by multiple NSW government agencies, including NSW Health. Attackers affiliated with the FIN11 group leveraged SQL injection flaws to deploy web shells and exfiltrate data from the compromised platform. While unauthorised access to some data occurred, forensic investigations confirmed the breach was contained strictly within the Accellion environment. Crucially, there was no lateral movement into other internal networks, meaning core operational systems such as electronic medical records, public health databases, and associated infrastructure remained unaffected. The incident involved extortion attempts, with threats to release stolen data, and some information was subsequently published. The vendor, Accellion, responded by patching the identified vulnerabilities and expedited the planned retirement of the outdated service, mitigating future risk for its clients.