TissuPath Pathology

TissuPath Pathology, also known as Tissupath, operates as a pathology service provider based in Australia, delivering diagnostic testing and related referral services to patients and referring clinicians. The organisation manages the collection, processing, and reporting of pathology results, which includes handling personal health information such as names, dates of birth, contact details, and Medicare numbers as part of its routine workflow. Its core activity centres on supporting clinical decision‑making by providing accurate laboratory analyses that inform treatment pathways across various medical specialties. The company maintains electronic systems for storing referral letters and associated patient data, including backup storage drives that were referenced in a recent cybersecurity incident.

In August 2023, TissuPath Pathology experienced a cybersecurity incident that originated from a supply chain attack on a third‑party supplier, whereby a compromised legitimate account was used to gain unauthorized access to a backup storage drive containing pathology referral letters. The breach exposed patient identifiers including names, dates of birth, contact details, and Medicare numbers, while the organisation confirmed that its primary diagnostic database and financial systems remained unaffected. Following the discovery, TissuPath reported the incident to the relevant Australian authorities and commenced a notification process to inform affected individuals and their treating doctors about the compromised data. The company’s response underscored its obligation to safeguard personal health information under Australian privacy legislation.

As a pathology provider, TissuPath distinguishes itself through its focus on delivering timely and reliable laboratory services that integrate directly with clinical referral pathways, a function that necessitates rigorous handling of sensitive patient identifiers. The organisation’s reliance on third‑party suppliers for certain IT infrastructure highlights a distinguishing attribute of its operational model, where external partnerships support data storage and backup functions. While the public sources do not disclose details about the company’s ownership structure or any parent‑subsidiary relationships, the incident response demonstrates a defined internal process for breach reporting and patient notification consistent with sector expectations for healthcare entities in Australia. These characteristics position TissuPath within the broader Australian healthcare landscape as a specialised service provider entrusted with managing confidential pathology data.