Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Aussie healthcare specialist SCENT says its reception email was used to send phishing emails, with patient data potentially compromised.
The Sydney Centre for Ear, Nose & Throat (SCENT) has begun notifying patients of a potential security issue, warning that one of its email accounts has been compromised and patient data potentially impacted.
“SCENT recently became aware that the reception and administration email account belonging to the practice was likely the subject of unauthorised access following the sending of phishing emails from that account. SCENT undertook immediate containment and remediation actions,” SCENT said in an email sent to its clients on 6 November.
“Since then, we have been investigating what occurred, including what information may have been accessed, and we are now in a position to inform individuals whose information may have been affected.”
SCENT confirmed that its “core patient database” was not affected by the incident and that its medical centre remains open. However, given that patient data was sent or received via the compromised email, SCENT is nonetheless warning that some data could have been accessed without authorisation.
“Based on our investigation, we are not aware of specific access to particular items of personal information contained in the email account, but only that the email account was used to send phishing emails,” SCENT said.
“Nevertheless, we have taken the precautionary approach of notifying individuals of a possible data breach affecting information sent or received by email, given there may have been unauthorised access to some personal information contained in those emails.”
The information included in the emails typically includes appointment details, health summaries, referrals, and treatment plans.
“The kinds of information typically contained in these documents, which may have been accessed, include name, date of birth, address, medical history, diagnosis and treatment plans,” SCENT said.
“We emphasise that we have no evidence that any particular personal information was specifically accessed, but we have taken the precautionary approach of informing all individuals with emails sent or received as to the possibility that there was access to personal information contained in those emails.”
The compromised email account was secured as soon as SCENT became aware of the issue, and engaged external forensic experts, who are confident the incident has been dealt with. SCENT has also informed the Office of the Australian Information Commissioner and is nonetheless encouraging its patients and clients to remain alert for any scam activity in the wake of the incident.
“We sincerely regret that this incident has occurred, and we would like to apologise for any concern or inconvenience this may cause,” SCENT said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
