cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Hacked Sydney radiologist instructs staff to tell customers hack was a technical fault

Western Sydney radiologist Quantum Radiology has told its staff to tell its patients that a cyber attack it faced late last year was really “an operational IT issue”, according to an internal email.

user icon Daniel Croft
Tue, 16 Jan 2024
Hacked Sydney radiologist instructs staff to tell customers hack was a technical fault
expand image

On 22 November last year, an unauthorised third-party user infiltrated Quantum’s systems and reportedly encrypted files, including patient identifying information, Medicare numbers, image scans, reports and claim details.

The company released a statement on its website in mid-December, confirming that it had faced a breach that led to encryption.

“On Wednesday, 22 November 2023, the Quantum Radiology Group became aware of a cyber incident where an unauthorised third party gained access to our IT systems and encrypted the contents of those systems,” said the company.


“As soon as we detected the incident, we took steps to contain it, and appointed forensic specialists to investigate what had happened, engaged by our legal advisors along with other cyber incident response specialists.”

The incident affected not only patients but also current and former employees, resulting in sensitive information such as bank account information, superannuation details, tax file numbers, names, birth dates, addresses and phone numbers being accessed.

“It is highly probable that some prior employee information has been compromised, we will provide you with further updates,” said a notice email to former staff.

The company is still also unable to access its historical databases.

Despite the detailed information provided to staff and the confirmation of the cyber attack posted to the company’s website, internal emails show that staff had been instructed to tell patients that the incident was the result of “an operational IT issue”.

“Whether a patient contacts you by phone or email, or you have a frontline role and speak to patients in person; it is essential that we all provide a consistent message so as [not] to cause confusion or unnecessary concern,” said the email under a tab that said, “What to tell patients.”

“You may tell patients that Quantum has experienced an operational IT issue, and we are working to restore services as soon as possible.

“Please assure any patients that you speak to that our top priority is bringing our systems back online as soon as possible, so that we can continue to provide essential imaging services to our patients and the community.”

Responding to questioning by The Daily Telegraph, a spokesperson for Quantum explained that the formal release on its site contained all the relevant information for customers.

“We have published a formal notice on Quantum’s website which sets out relevant information about the incident and the services available to those affected, including the availability of a support centre for patients with cyber incident-related queries,” the spokesperson told The Daily Telegraph.

As iterated by earlier reports by Cyber Daily and other media, Quantum Radiology was previously not informing its patients at all, but instead cancelling appointments without a reason.

Customers were simply greeted at the door of clinics with a notice that said: “Due to unforeseen circumstances, our IT systems are currently down, and we cannot process any patient appointments until further notice.

“Our team is working to resolve this as soon as possible.”

Following media coverage, a spokesperson confirmed to 9News that the incident was a cyber attack, with the company then releasing a public statement.

“Our clinics are temporarily closed as we are investigating a recent cyber incident. As soon as we detected the incident, we took steps to contain it,” the statement released in December said.

“Relevant Australian government authorities and the police have been notified.

“Your healthcare needs are our utmost priority. We have notified and are collaborating with referring doctors to assist with your ongoing healthcare needs.

“We are working hard to bring our systems back online. We will reopen once our systems are operational and tested. We anticipate this will be the week of 4th December but will confirm in the coming days and will notify referring doctors accordingly.”

On top of the stresses relating to the incident, staff are facing additional harassment from hackers bombarding the company’s phones, according to another internal email.

The hackers are reportedly using spoofing technology to disguise calls and caller IDs with other numbers, such as senior staff, to encourage employees to pick up.

“Our advisors have noted that this is a known strategy used by the hackers and have advised all staff not to engage,” said the email.

“While we cannot stop these, we are endeavouring to reduce them. To the extent possible, please do not engage with them; simply hang up &/or ignore.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.