Hackers have broken into the medical records at Crace Medical Centre.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
An announcement to patients said: "unfortunately, our investigations have identified that patient data was accessed and taken from our systems by an unauthorised third party".
The hack happened on December 12 but patients were only texted early afternoon on Thursday, January 18.
There are fears that the information taken may be useful to blackmailers. The medical centre's announcement to patients says that the health information taken "could include details of the diagnoses, treatment, or recovery of a medical condition or disability, as well as other health information contained within your medical record".
One patient told The Canberra Times: "I was immediately worried as Crace Medical Centre have records about a personal hospital admission, which I consider very private.
"I am deeply concerned my Medicare card has been compromised and my personal information may be in the hands of hackers."
The medical centre said that none of the stolen information had yet appeared online. But how much may appear is obviously unknown. Nor is it known if the hacked information about illnesses and treatments could be connected to named, identifiable individuals or whether it is anonymous.
The medical centre's statement tells patients: "we acknowledge and understand that it may be upsetting to have your health information accessed. We regret that this incident has taken place and sincerely apologise for any unease this may cause you. If you are experiencing any distress, we recommend that you seek health advice from a registered health professional you know and trust."
The centre said it had "reported the incident to and continue to engage with the relevant Australian agencies and authorities including the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), the Australian Digital Health Agency (ADHA) and Services Australia".
The medical centre said it was "engaging with Services Australia, so that they can place extra security measures on customer records that are linked to the personal information of our patients.
"Our medical centre remains open to all patients. We are confident that all appropriate steps have been taken to remediate the incident and further enhance the security of our systems, so that we can continue to provide the highest quality care."
It added: "We encourage our patients to take the following simple preventative steps to protect their information and avoid any potential scams:
- Look out for scammers - including suspicious emails, texts, phone calls or messages on social media. Never click on any links that look suspicious, never provide your passwords, or any personal information.
- Consider changing your online passwords. Use strong passwords and enable multi-factor authentication for your online accounts where possible."
Medical records are a prime target of hackers.
In October 2022, the records of the insurer Medibank were hacked by a Russian ransomware group which then released the information after a ransom was not paid.
The Australian Information Commissioner started an investigation into whether the company did enough to protect personal information, and if it took reasonable steps to comply with Australian privacy guidelines.