Cyber Security Incident

In March 2024, we became aware of unauthorised access to our practice email (admin@coastalcc.com.au). There is no danger to our patient database, and this does not affect any communications via secure messenger services such as Argus and Healthlink.

What occurred?

The unauthorised access occurred over a short period and resulted in the sending of phishing emails to a number of our GPs and patients.

Whilst we have no indication that anyone has accessed or used our patients' information without permission, we take the privacy and protection of personal information very seriously and we are informing our patients of this development.

What actions have we taken?

We have always recognised the importance of our IT security, and in response to this event, we have taken steps to look at how we can further enhance our cyber security moving forward in conjunction with our external IT experts.

We have reported this event to relevant government authorities and agencies including the Office of the Australian Information Commissioner (OAIC), the Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) and the Australian Digital Health Agency.

What personal information has been affected?

The personal information present within the email account is information which we typically send or receive via fax or email, and this generally includes referrals, health summaries or treatment plans. The kinds of information contained in these documents, which may have been accessed, include name, date of birth, address, medical history, diagnosis and treatment plans. Some documents may have Medicare numbers and health fund details.

We have identified that most of the information present within the mailbox is from 2023 with a small amount of information dating back to 2019. Further, this incident has not affected any information sent via secure messenger services such as Argus and Healthlink.

What do you need to do now?

We encourage our patients to take the following steps to reduce the risk of harm associated with the potential access to their personal information:

  • Remain alert to increased scam activity. Take care with phone calls and, especially, any communication purporting to come from us. You are welcome to call us on 02 4323 3060 to verify anything suspicious you may receive. This is also the only number we use to call you.

  • Do not click on any suspicious links or provide your passwords or any personal information.

  • Enable multi-factor authentication for your accounts where possible, especially for My Health Record, Medicare and myGov.

  • Consider changing your online account passwords. The Australian Cyber Security Centre provides guidance around good password practices: https://www.cyber.gov.au/acsc/view-all-content/advice/passwords-pins-and-passphrases

If you are concerned about your Medicare number, we understand that Medicare will issue replacement cards free of charge. If you choose to have your card replaced, you can request this using your Medicare online account through myGov or using the Express Plus Medicare mobile app.

If you have concerns about securing your confidential information with organisations such as My Health Record, Medicare and myGov or your health fund, you may wish to contact them and discuss additional security measures they can put on your account.

Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites:

https://www.oaic.gov.au/privacy/your-privacy-rights/ways-to-protect-your-privacy/tips-to-protect-your-privacy

https://www.cyber.gov.au/acsc/view-all-content/threats

https://www.scamwatch.gov.au/

If you suffer distress, contact your doctor, a support service or your family or friends.

Questions

Should you have any questions or seek more information, please email our Practice Manager at manager@coastalcc.com.au.