Letter To Clients

Date: 09/11/2024

Dear Valued client of Dandenong smile health

We appreciate your business and are committed to safeguarding your personal information. As a precaution, we are informing you of a data security incident that may have involved your personal details.

While there is no indication that your information has been misused, we are notifying you, along with other potentially impacted individuals, about the incident. Additionally, we are providing information on steps you can take to protect yourself from possible identity theft or fraud.

What Happened?

On Saturday 4thth of November 2024, our on-premises server was subjected to cyber-attack and the server became inoperable. It is unclear exactly what type or nature of attack on the server took place, however, it was likely some form of Ransomware.

Ransomware is a malware / virus that infects your computer and then searches for files to encrypt. Hackers encrypt the data making it no longer accessible to the computer owner. The Ransomware virus will display warning screens indicating that the data will be destroyed if you do not pay a ransom.

The Australian Government Cyber Security Centre (ACSC) advises that victims should not pay the ransom, and instead they recommend restoring the files from a backup. This means we totally removed all data from our server and reinstalled our medical software.

As the new owners of the business, we have discovered that the old backup system used by the previous owner is no longer functional due to the outdated hard drives that were manually used for backups. Unfortunately, these backups were not properly maintained. However, we have sent the drives to data recovery specialists who are exploring the possibility of recovering the data in a clean room environment.

We are unsure whether any personal information was accessed or compromised. The data that may have been exposed could include:

  • Personal details that could identify you, such as your name, address, date of birth, and contact information.
  • Health-related information, including records of services provided, consultation notes, billing, and financial documents.

At Dandenong smile health, we prioritize your privacy and deeply regret that this incident took place.

What we have done

What steps have we taken to protect your information and prevent this from happening again.

We have introduced enhanced security measures to safeguard against future incidents and to protect our patients’ privacy. As part of this, we have decommissioned our on-site server and transitioned to a specialized hosting provider that focuses on the secure hosting of practice management software for professional services firms in Australia, transition to the new cloud-based software and back-up system.

Additionally, we’ve implemented other security measures, based on expert advice from IT consultants, such as multi-factor authentication and VPN usage, to minimize the risk of a similar event occurring in the future.

We have also informed the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) to ensure the incident is handled appropriately.

Recommendations for Clients

These recommendations are in line with those of the Office of the Australia Information Commissioner and they may not be relevant to everyone, but you should consider and take appropriate steps.

Type of breach and recommend action as listed below

Contact Information – Recommend action:

  • Update the passwords for your email accounts.
  • If you’ve emailed sensitive information, such as your online banking password, be sure to change these as well.
  • If you’ve emailed or stored personal identification documents (like your driver’s license or passport) and think they may have been accessed, contact the relevant issuing authority.
  • Enable multi-factor authentication whenever possible.
  • Make sure your devices have up-to-date antivirus software to protect your email access.
  • Avoid opening attachments or clicking links in emails or social media messages from unknown senders or if you are unsure about the legitimacy of the sender.
  • Do not share personal information unless you are certain about the recipient’s identity. For instance, if you receive a call from a company (such as a telecommunications provider), hang up and call the company back using contact details from their official website.
  • Monitor your accounts for any suspicious activity. If you suspect you may be a victim of identity theft, we recommend reaching out to IDCARE (www.idcare.org or 1300 432 273), which provides personalized support for individuals concerned about identity fraud.

Health Information:

  • Contact your doctor, local crisis team, a support service or your family or friends if you experience distress.
  • Sensitive Information
  • (About sexuality, race, political views, etc.) Contact your doctor, local crisis team, one of the support services listed below, or your family or friends if you experience distress.

Sensitive information:

  • If your physical safety is at risk, contact the police.
  • The Office of the eSafety Commissioner has resources that provide advice on a range of online safety issues, which may help you if you experience online harassment, racism, or abuse: https://www.esafety.gov.au/

 

The Office of the Australian Information Commissioner (OAIC) offers guidance and resources for individuals whose information may have been affected by a data breach. We recommend reviewing their advice on how to respond to a data breach notification by visiting the following link: https://www.oaic.gov.au/privacy/data-breaches/respond-to-a-data-breach-notification/.

We sincerely apologize for any inconvenience or distress this situation may have caused. As previously mentioned, we are not certain whether a data breach occurred, but we are following best practices by notifying our valued clients.

For additional information or assistance, please contact our practice at 03 9791 2755, available daily from 9:00am to 5:00pm.

Thank you Sincerely

Team at Dandenong Smile Health

Dr Nagalakshmi and Dr Kumar

Directors of Dandenong Smile health

Didn't find The Answer?

Please, call our customer service or get an appointment with our doctor

Book an Appointment 03 9791 2755