New Zealand hearing clinic Bloom warns of massive data theft in ransomware attack NZ Herald

pBy Phil Pennington of RNZ ppThousands of customers of a hearing clinic chain in New Zealand have been warned about a ransomware attack that has stolen masses of sensitive datappBloom Hearing Specialists said some or all of the stolen data had been or soon will be published on the dark webppIn an online alert it said the hacked data may include bank account details patient records and insurance informationppThere is an ongoing risk that the threat actor may publish the stolen data or disclose it to unknown third parties Bloom said online on August 27ppWe understand that some or all of the stolen data has been or will soon be published on the dark web We encourage individuals and organisations not to look for the stolen data on the dark webppThis made news reports in Australia but not in New Zealand where Bloom has 21 clinicsppA spokesperson confirmed on Thursday afternoon to RNZ that all customers in New Zealand had been alertedppThe breach might increase the odds of being targeted for fraud extortion or identityrelated crimes Bloom saidppAn Australian media report said the amount of stolen data could be astounding and Bloom might have breached the law around retaining the personal data of former patients and staffppBloom was hacked in July put out alerts in late August and has written letters to thousands of customers its alerts showppIt had also notified the New Zealand police and Privacy Commissioner it saidppThe National Cyber Security Centre in Wellington told RNZ it did not comment on specific incidents or regarding if we are involved or not and this would have to come from the companyppA person who got a letter from Bloom posted on the website Geekzone Just received this and felt really angry that so much information is being collected for a hearing test and the type of people who will be affected by this mostly older I would imagineppThe company further warned You may see an increase in targeted phishing attempts via email text messaging or telephone calls where the scammer uses details specific to themppIt published a long list of advice on steps to take and how to respondppAs soon as we became aware of the incident we took immediate steps to contain it and secure our systems Bloom said It was still investigatingppWe sincerely apologise for any distress this incident may have causedppThe list in the alert of what data may have been stolen was very long including name address contact details including email addresses and phone numbers date of birth gender health information including audiograms and other hearing loss information appointment details and notes and other patient records insurance information including account details and claims other funding source information including eligibility for workers compensation and government assistance financial information including bank account details governmentrelated identifiers including Medicare numbers Centrelink numbers DVA numbers ADF numbers NDIS numbers and Driver Licence numbers and details of other contacts and their relationships to patients including powers of attorney and next of kinppAnother long list followed of the data of current and former employees and contractors of Bloom and its parentsister companies Active Hearing Pty Ltd HearClear Audiology Pty Ltd Hutchinson Audiology Clinics Pty Ltd WS Audiology ANZ Pty Ltd and Widex AustraliappSome personal information of other individuals such as healthcare professionals other contacts and vendors may also be involved including names contact details including email addresses and phone numbers addresses physician numbers relationships of other contacts to individuals and financial information of vendors including bank account detailsppIn Australia it had hundreds of clinics under various brandsppThe Canberra Times quoted cybersecurity expert Sadiq Iqbal at Check Point Software Technologies saying this could put Bloom Hearing in breach of the Privacy Act which requires companies to destroy or deidentify personal information that is no longer neededppThe amount of data Bloom Hearing has listed thats been compromised is quite astoundingppRNZ has approached Bloom for comment as well as the police and the Privacy CommissionerppThe office of the Privacy Commissioner said an August 21 post by Bloom was their public notice of the breachppAs with any breach Bloom Hearing will need to investigate to fully ascertain the size and scope of the breach and any impact on its New Zealand clients the OPC said on Wednesday afternoonppBloom was expected to inform peopleppOur focus in this situation is to provide agencies who have experienced a breach with advice on how to minimise the harm on any individuals impactedppIt referred people to ownyouronlinegovtnzppRNZ has approached Bloom for comment as well as the policeppSign up to The Daily H a free newsletter curated by our editors and delivered straight to your inbox every weekdayppPolice said the three climbers had been due to complete their climb at 830am todayp