Australian Medical Centre Breach, 04 April 2024

Diabetes WA has disclosed a data breach affecting people who engaged with its telehealth service

Breach via one compromised Diabetes WA user account

Company Statement: 2 April 2024 – Notification of Privacy Incident

Source: Diabetes Western Australia reveals data breach – iTnews

View more incidents relating to Medical and Health Care sector, and incidents from Western Australia.

In a breach notice posted Tuesday, the organisation said a “third party” gained “access to the personal information of some … contacts.”

“Based on our investigation, we understand that personal information may have been affected by the incident including the following details: Name – Address – DOB – Email – Telephone number – Marital Status – Aboriginal Status – Medicare Number – Referring doctor – Type of diabetes”

A spokesperson said the breach happened via one compromised Diabetes WA user account, which was “promptly closed, thereby blocking the attacker, and stopping any further access to our system.”

Further investigation “revealed the scope of the attack and that the breach had not spread laterally across our systems,” the spokesperson said.

All affected individuals have been contacted, and Diabetes WA has notified the Office of the Australian Information Commissioner.

However, the organisation said detailed medical records and clinical information were not accessed.