Notification of privacy incident
Our Information Security Team has been notified that an unauthorised user gained access to a Next Practice Victoria Park email account containing patient personally identifiable information.
We are notifying any patients who have communicated with us via the victoriapark.pa@nextpracticehealth.com email that our Information Security Team has been notified that an unauthorised user gained access to this email account containing patient personally identifiable information. Immediately upon receipt of the notification, the Next Practice Information Security Team analysed the alert and began an investigation to determine how the information was obtained and to identify any potential exploitation of the Next Practice System.
We determined that the notification was legitimate and that on the 28th of April 2022, the unauthorised user gained access to limited patient information that was contained in emails sent to and from victoriapark.pa@nextpracticehealth.com only. Upon further investigation we found there has been no evidence the information was downloaded by the unauthorised user.
What sensitive data could have been included?
- First name
- Last name
- Date of birth
- Medicare number
- Individual Healthcare Identifier (IHI)
As with most data breaches, not all attributes are complete for every person. This only applies to you if you’ve shared any of this information via email to victoriapark.pa@nextpracticehealth.com
Steps we’ve taken:
Immediately upon learning about the incident, we set up an Information Security Incident Response Team to investigate the incident.
We reset the email account password and enforced a two-factor authentication feature across all user and shared accounts within Next Practice. This allows users to authenticate themselves using a mobile device in addition to a password, which will further harden their Next Practice account against illegitimate access.
In addition, the Next Practice Victoria Park team has completed training on email security and set up a support team to assist patients who have concerns or questions about the incident.
What our patients should do:
Next Practice patients who have questions or concerns about this incident can contact our dedicated support team via email on vicpark.privacyteam@nextpracticehealth.com or by phone at (08) 7905 7200.
For all patients with a Next Practice account, we recommend that for maximum safety, you change your password and take advantage of the two-factor authentication feature.
Additional security steps you can take include:
- Be aware of emails and telephone calls from people requesting your personal details. Especially details like your date of birth, residential address, email address, username or passwords, which are often used to verify your identity.
- If you start to receive unwanted telemarketing calls, consider registering your number with the Australian Communications and Media Authority’s ‘Do Not Call register’ by visiting www.donotcall.gov.au/consumers/register-your-numbers. You can also contact your service provider and request to change your number.
- Contact the Australian Tax Office on 1800 467 033 or your superannuation fund so that they can consider placing additional monitoring and security protocols on your account.
- Contact IDCare on 1800 595 160 or visit www.idcare.org who can provide you with guidance on the steps you can take to protect yourself from identity fraud.
- Further information is also available on the Office of the Australian Information Commissioner (OAIC) website at https://www.oaic.gov.au/privacy/data-breaches
- If you have contacted the Next Practice support team and believe your concern or complaint hasn’t been resolved, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). You can find out more about how to make a complaint to OAIC at https://www.oaic.gov.au/privacy/privacy-complaints/
For now, there are no other actions that patients need to take as a result of this incident. However, we always recommend that you take the time to evaluate your security practices. Please, avoid using the same password for multiple services or websites. It’s good practice to use stronger passwords and to change them often.
Going forward:
As always, your privacy and the security of your data are our highest priority. We continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as custodians of your information and work every day to earn your trust.
Thank you for your understanding.
Contact us:
Please do not hesitate to call or email our Care team with any questions or concerns you have. We are here to answer any and all questions as well as provide support to you.
Call our direct line: (08) 7905 7200
Email any questions to: vicpark.privacyteam@nextpracticehealth.com
Email us if you believe you might have been affected by the incident: concerns@nextpracticehealth.com
Yours sincerely,
The Care team at Next Practice Victoria Park
