On 2 June 2022, the server holding the SITCM Teaching Clinic’s case records was infected by ransomware. All patient records likely became accessible to the attackers, who encrypted the records to permanently deny SITCM access. By the time SITCM’s IT Officer became aware of the attack on 3 June 2022, it was too late to prevent the data breach.
The data breach affects all patients who visited our Teaching Clinic for Chinese medicine or remedial massage treatments from 23 February 2012 until 2 June 2022. The information that could be accessed by the attackers includes each patient’s name, date of birth, gender, address, phone number, email, height, weight, occupation, personal medical history, family medical history, current illness and current treatment.
SITCM sincerely apologises for this breach and the distress that it may cause. Should you need support during this period, dedicated resources are available here: https://www.oaic.gov.au/privacy/data-breaches/data-breach-support-and-resources. Please also be extra cautious of any phone calls, text messages and emails that you may receive from unfamiliar sources, and do not open any unknown links or attachments. To report or learn more about scams, please visit scamwatch.gov.au.
To mitigate the risk of such an issue re-occurring, SITCM is currently replacing its previous clinic record software with a system that offers robust external protections on all digital clinic records (please see here for details).
If you have any questions or comments at this time, please do not hesitate to contact us at firstname.lastname@example.org.