Jupiter Health Spearwood has recently identified that a cyber-criminal has compromised our medical records system with a ransomware attack. All patient data has been placed in an encrypted file in our possession on our server however, we cannot retrieve this data despite all of our efforts.
Please note that this issue only impacts patients who have attended Jupiter Health Spearwood medical centre.
What data has been stored in this system?
Data in this system may contain: name, address, email, phone number, age, your health information and Medicare number.
What does this mean for me?
We have engaged with cyber security experts, who have conducted a full review of this matter. At this point in time, we do not believe that any of your personal information has been taken. Rather, it appears that the information has not left our system, but has been encrypted so that we are unable to access it.
We are treating this information breach with the highest level of urgency, and are taking this matter very seriously. We wish to convey our most sincere apologies for any concern that may be caused as a result of this incident.
With your consent, we will do everything possible to collate your medical records via our usual pathology and radiology providers, any previous medical practices you have attended and via your My Health Record (if you have one).
We will also need to gather a medical history from you at your next visit. If you have recently been asked to follow up on any abnormal results, please contact us as soon as possible.
We will also require all patients to fill in the new patient forms again.
How have we responded to this incident?
As soon as we were made aware of this breach, we shut down the source of this vulnerability and have been working with our IT provider, authorities and independent expert advisers to investigate and protect patients from any further risk.
The matter has been reported to the Australian Federal Police and will be reported to the Office of the Australian Information Commissioner.
We are continuing to investigate this matter and will keep you updated regarding any developments.
What do you need to do?
As always you should remain vigilant when interacting with organisations, particularly where these organisations seem suspicious. Please closely monitor your personal accounts, such as your My Health Record, for any irregular activity.
We recommend that you review the information supplied by the Office of the Australian Information Commissioner around data breaches and their Support & Resources. For general information on how to protect your personal data, we recommend you visit Scam Watch.
The safety and security of our patients’ information is our highest priority. Data protection continues to be a focus at Jupiter Health. We want to stress that, in line with best practice, we have continued to tighten our security and protection mechanisms to provide us with the highest level of protection possible in relation to your information.
Again, we wish to offer our sincere apologies. If you need additional information, please do not hesitate to contact me on 9434 0100 or email me at firstname.lastname@example.org.
Te Kotuku Brown
Jupiter Health Spearwood