Cyber Incident Update
Glebe Family Hill Practice (GHFP) experienced a cyber security incident earlier this year involving one of its email accounts, through which an unidentified third party sent unauthorised phishing emails.
The email account involved was an administrative mailbox used to handle website enquiries and patient requests for certain documents and information as well as general practice administration.
Upon discovery of the incident, GHFP immediately secured the mailbox and engaged leading cyber security experts to conduct a detailed forensic investigation into what occurred.
We have no evidence to suggest that any information contained in the mailbox was accessed. However, out of an abundance of caution, GHFP has carried out a thorough review of the contents of the mailbox to identify any individuals whose information was contained in the mailbox.
Based on our review, we understand that a combination of contact information, health information, and Medicare information was contained in the mailbox. We also identified some identification information for a limited number of individuals.
GHFP is now taking steps to directly notify via post or email individuals whose personal information was contained in the mailbox. This will be a precautionary notification only. There is no evidence that the third party accessed this information. There is also no evidence to suggest that any personal information has been, or will be, misused as a result of the incident. However, we understand that people may be concerned and GHFP is committed to providing you with the information and support that you need.
Should you receive a notification statement, please do not hesitate to contact us at our dedicated cyber incident mailbox: [email protected].
GHFP takes the protection of data relating to patients and staff very seriously. We sincerely apologise that this incident has occurred and thank you for your patience and support during this time.