Diabetes WA reveals data breach Security iTnews

pDiabetes WA has disclosed a data breach affecting people who engaged with its telehealth serviceppIn a breach notice posted Tuesday the organisation said a third party gained access to the personal information of some contactsppThe personal information possibly exposed in the breach includes name address date of birth email phone number marital status Indigenous status referring doctor type of diabetes and Medicare numberppHowever the organisation said detailed medical records and clinical information were not accessedppA spokesperson for Diabetes WA told iTnews that the information accessed related only to people who had contacted the Diabetes WA Telehealth ServiceppIt is likely that a subsection of those contacts will have been members but our focus has been on ensuring that every affected contact whether a member or not has been notified of the breach in the timeliest manner possibleppThe spokesperson said the breach happened via one compromised Diabetes WA user account which was promptly closed thereby blocking the attacker and stopping any further access to our systemppFurther investigation revealed the scope of the attack and that the breach had not spread laterally across our systems the spokesperson saidppAll affected individuals have been contacted and Diabetes WA has notified the Office of the Australian Information CommissionerppBecause Medicare numbers were breached the organisation is advising affected individuals to get a new Medicare card number either online via MyGov or by calling Services AustraliappDiabetes WA said the breach was quickly detected and fully contained and is now under investigation through Diabetes WAs Cyber Security Response PlanppIt also advises concerned individuals to seek additional assistance through IDCareppDiabetes WA provides support services to an estimated 260000 Western Australians affected by the diseasep