(08) 7160 1187
(08) 8351 7787
NOTIFICATION TO ALL PATIENTS REGARDING A POSSIBLE DATA BREACH
This notification is to inform all our patients of a recent cyber incident affecting Brickworks Medical Centre
. On 22 October 2020 we discovered that our admin email account (
) may have been compromised by malware, likely as the result of a phishing email. We have no evidence of any of our doctors' email accounts being compromised.
After discovering our admin email account was compromised, our IT service providers decommissioned our email server and quarantined the affected computer. We then replaced our old IT service providers with a new team. The new team has set up a more secure email server system for us called Microsoft Exchange. We have also engaged cyber security IT experts, CyberCX, to review the quarantined computer to determine if any patient personal information has been accessed or disclosed as a result of the malware.
This notification is intended to provide our current and past patients with more details about the incident, and the steps that they should take to prevent any further suspicious activity and reduce their risk of harm. If you are a current or past patient of BMC, please review this notification carefully.
How are you impacted?
As a result of the cyber incident, you may have received (or could receive) suspicious emails from unknown parties purporting to be us (BMC). They could also purport to be from one of your other health care providers.
These emails may ask you to open an attachment or click on a link, which could seek to download malicious software onto your computer or device. These emails are not from us and should be treated extremely carefully. We recommend you be extra vigilant when reviewing emails from us or your health care providers until we have informed you of the outcome of our further investigation by CyberCX.
We have no reason to believe that any of your personal information held on our patient record system was accessed. However, if some of your personal information was emailed to our compromised account (such as in the form of a specialist or pathology report), while it was compromised, that information may have been disclosed to the attacker who created the malware. We hope to provide you with more certainty as to whether any of your personal information was accessed or disclosed after completion of the further investigation. We anticipate that the investigation will be completed by mid-February 2021.
What do you need to do?
Please double check the authenticity of any emails you receive that purport to be from us or your health care providers. As a first step, you should avoid clicking on any links or downloading any attachments. If you are unsure about the legitimacy of a communication from us, please call us to check.
If you have already clicked on any hyperlinks, downloaded any attachments and/or entered your login details, you should immediately change the password to your email account and any other accounts that share the same username (email address) and password. You should also take steps to ensure that your systems are up-to-date, firewalls enabled and virus scans are current.
If you have received a suspicious email, please call us to let us know. We will then instruct you on how you can send it to us so in a secure way so that CyberCX can further analyse the email.
If you have any queries, please email us at
and we will address your queries and questions as received. Please note, we are reviewing each query and will contact you as soon as possible.
We apologise for any inconvenience this incident may have caused.
Brickworks Medical Centre