NSW Health has confirmed that personal data may have been accessed during the global Accellion cyber attack last December, but says medical record systems were not affected and it is no longer using the legacy software.

US-headquartered Accellion, which specialises in secure file sharing software, saw its legacy File Transfer Appliance software hacked in a zero-day exploit last year, with around 100 organisations around the world affected, including Shell Oil, the University of California, the Australian Securities and Investments Commission, the Reserve Bank of New Zealand and NSW Health.