Family Planning NSW has written to clients revealing that a “cyber-attack” on its website may have compromised a number of its online databases.
“These databases contained information from clients who had contacted Family Planning NSW through our website in the past two-and-a-half years, seeking appointments or leaving feedback,” said an email signed by Sue Carrick, chair of the organisation's board, and CEO Ann Brassil.
Journalist Lauren Ingram posted the contents of the letter on Twitter.
Family Planning NSW said that the organisation suffered a ransomware attack on ANZAC Day
"We had the website secured by 10am on April 26, 2018,” the email states.
“All web database information has been secure since this time and more sensitive medical records held internally were never under threat.
“The situation is now contained and there have been no further threats. We will have our website back online after external security review and internal testing.”
The email states there is no evidence the information in the databases has been used by the attackers.
The message urged individuals concerned about the security breach to contact Family Planning NSW.
The organisation’s website has been replaced by a placeholder page stating: “Our website is getting a security update. Thank you for your patience, we'll be back online as soon as possible.”
Clinics are still operating normally.
Family Planning NSW can be reached on 1800 957 860 or via firstname.lastname@example.org.
Health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the government’s Notifiable Data Breach (NDB) scheme, which began on 22 February.
The Office of the Australian Information Commissioner in April issued its first report on the scheme, which revealed it had received 63 reports of data breaches. Health service providers accounted for 24 per cent of the notifications received by the OAIC.