In follow up to the initial information we sent out about the recent cyber incident at the Clinic, here are the answers to the most frequent questions we have been asked . . .

Q: Have my financial details been accessed?

A: No. We do not keep patients’ financial details in our database.

Q: Has my medical data been compromised?

A: The incident was primarily an encryption event. Based on the investigation completed to date, the patient management system itself remained intact and recoverable from backup. While there is evidence that a limited amount of data was taken, the information currently available indicates this was confined to data accessible from two desktop computers, rather than a broad compromise of the clinical system or full patient database. Out of caution and transparency, we are not in a position to state that no information was accessed at all. For that reason, our earlier communication acknowledged that some level of compromise may have occurred, but not at a scale that would suggest widespread or wholesale theft of patient information.

Q: Has the incident been reported?

A: We have reported the matter to the Australian Signals Directorate through the Australian Cyber Security Centre, and have an active cyber incident case logged with them. We’re also working with the Victorian Police’s Cybercrime team, and continue to work with all appropriate authorities as the matter remains under review.
All of these external parties have expressed that they are very happy with how we’ve handled this incident.

If you have any additional questions, please contact us via ASMC@sccs.com.au – Southern Cross Computer Systems (SCCS) is our ISO27001 Managed Services Team.