Our Information Security Team has been notified that an unauthorised user gained access to a Next Practice Victoria Park email account containing patient personally identifiable information.
We are notifying any patients who have communicated with us via the firstname.lastname@example.org email that our Information Security Team has been notified that an unauthorised user gained access to this email account containing patient personally identifiable information. Immediately upon receipt of the notification, the Next Practice Information Security Team analysed the alert and began an investigation to determine how the information was obtained and to identify any potential exploitation of the Next Practice System.
We determined that the notification was legitimate and that on the 28th of April 2022, the unauthorised user gained access to limited patient information that was contained in emails sent to and from email@example.com only. Upon further investigation we found there has been no evidence the information was downloaded by the unauthorised user.
What sensitive data could have been included?
As with most data breaches, not all attributes are complete for every person. This only applies to you if you’ve shared any of this information via email to firstname.lastname@example.org
Steps we’ve taken:
Immediately upon learning about the incident, we set up an Information Security Incident Response Team to investigate the incident.
We reset the email account password and enforced a two-factor authentication feature across all user and shared accounts within Next Practice. This allows users to authenticate themselves using a mobile device in addition to a password, which will further harden their Next Practice account against illegitimate access.
In addition, the Next Practice Victoria Park team has completed training on email security and set up a support team to assist patients who have concerns or questions about the incident.
What our patients should do:
Next Practice patients who have questions or concerns about this incident can contact our dedicated support team via email on email@example.com or by phone at (08) 7905 7200.
For all patients with a Next Practice account, we recommend that for maximum safety, you change your password and take advantage of the two-factor authentication feature.
Additional security steps you can take include:
For now, there are no other actions that patients need to take as a result of this incident. However, we always recommend that you take the time to evaluate your security practices. Please, avoid using the same password for multiple services or websites. It’s good practice to use stronger passwords and to change them often.
As always, your privacy and the security of your data are our highest priority. We continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as custodians of your information and work every day to earn your trust.
Thank you for your understanding.
Please do not hesitate to call or email our Care team with any questions or concerns you have. We are here to answer any and all questions as well as provide support to you.
Call our direct line: (08) 7905 7200
Email any questions to: firstname.lastname@example.org
Email us if you believe you might have been affected by the incident: email@example.com
The Care team at Next Practice Victoria Park