(08) 7160 1187
(08) 8351 7787
Facebook
Twitter
Linkedin
Home
About Us
Services
Allied Health
Dietitian
Physiotherapy
PRP Therapy
Prolotherapy
Contact Us
NOTIFICATION TO ALL PATIENTS REGARDING A POSSIBLE DATA BREACH
This notification is to update all our patients about the cyber-incident that affected Brickworks Medical Centre (
BMC
) last year. We previously placed a notification on our website about this incident, which can be accessed
here
. This notification is intended as an update to that notification.
The forensic IT specialists we engaged recently concluded their investigation of the potentially compromised email accounts. As a result of that investigation we discovered evidence of our 'info' mailbox (
info@brickworksmedical.com.au
) having been compromised by malware for several days beginning on 20 October 2020. Our 'admin' account (
admin@brickworksmedical.com.au
) appears not to have been compromised although it was the subject of phishing attempts.
During the several days the malware was active, the attacker obtained some email address from our mailbox and sent those addresses phishing emails to try to gain access to their mailboxes. We have notified those individuals who we found evidence of having been affected.
We sincerely apologise for this security breach. Since that time we have upgraded our IT systems and transitioned our email accounts to more secure servers. We have also instigated a policy to ensure that emails are regularly removed from our mailboxes and archived externally so as to mitigate any future attacks.
While we have confirmed how the security breach occurred, we cannot definitively determine if any personal information of patients was accessed or taken by the attacker. We have found no evidence to suggest widespread taking of personal information by the attacker, but we cannot rule this out.
Depending on what emails were held in our mailbox that relate to you, the attacker may have been able to access some of your personal information. Such personal information could have included your age, sex, Medicare number, contact details, and health information, such as specialist or pathology reports. We apologise for not being able to provide you with further information about this issue.
As a general measure to ensure your cyber security, we recommend you update your passwords for your accounts, including email, myGov login, online banking etc, especially if you have not done so since last year.
If you have concerns about identity theft we recommend you review the following material published by the Australian Cyber Security Centre:
https://www.cyber.gov.au/acsc/view-all-content/threats/identity-theft
We apologise for any inconvenience this incident may have caused.
Regards,
Brickworks Medical Centre
