Cyber Security Incident
Point Lonsdale Medical Group (PLMG) is providing this information in relation to a recent incident involving potential access to a small proportion of personal information held in an email account. This notice sets out what happened, what information may have been impacted and what protective measures we suggest to our patients.
What happened?
PLMG recently became aware that the reception and administration email account belonging to the practice was likely the subject of unauthorised access following the sending of phishing emails from that account.
Importantly, there has been no impact to our patient database or other systems.
PLMG undertook immediate containment and remediation actions and also notified the recipients of the phishing emails, advising them not to interact with those emails.
Since then, we have engaged external forensic experts to assist us in our investigation into what occurred, including what information may have been potentially accessed. The investigation has shown evidence that a small and confined proportion of emails contained in the mailbox were specifically accessed.
We have been working with our external forensic experts to identify which emails have been accessed. Unfortunately, we have not been able to identify the particular emails that were accessed.
We take the privacy of our patients incredibly seriously. As a result and out of abundant caution, we are informing all our patients of potential access to their personal information, to the extent their personal information may have been in that particular email account, and the protective measures they can take to safeguard their information.
What information may have been impacted?
The personal information present within our reception and administration email account (admin@plmg.com.au) is information which we typically send or receive via email, and this generally includes referrals, health summaries or treatment plans.
The kinds of information contained in these documents, which may have been accessed, include name, date of birth, address, medical history, diagnosis and treatment plans. Some documents may have Medicare card numbers and health fund details.
As we have said above, we are not able to tell precisely which emails were specifically accessed but we believe it was only a small proportion of emails in that email account. We also do not have evidence suggesting that any of the information in those emails was taken or copied.
What actions have we taken?
PLMG takes the privacy and protection of personal information very seriously. Once we became aware of the suspicious activity, we took immediate steps to secure the email account and investigate what occurred.
We have followed the recommendations made by our external forensic experts and are confident that the incident has been remediated. We have also taken steps to review and further enhance our IT system security moving forward.
We have reported this event to the Office of the Australian Information Commissioner (OAIC).
Preventative Measures
We encourage individuals to take the following steps to reduce the risk of harm associated with the potential access to their personal information:
- Remain alert to increased scam activity. Take care with phone calls and emails, especially any communication purporting to come from us. You are welcome to call us on (03) 5258 0888 to verify anything suspicious you may receive. This is also the only number we use to call you.
- Do not click on any suspicious links or provide your passwords or any personal information.
- Enable multi-factor authentication for your accounts where possible, especially for MyHealth Record, Medicare and MyGov.
- Your Medicare card number alone cannot be used to verify your identity or access your Medicare account. If you are concerned about the security of your Medicare account, you can contact Medicare to obtain a replacement card free of charge.
- Please visit www.servicesaustralia.gov.au/databreach for more information on how you can protect your personal information after a potential data breach.
- If you suffer distress, contact your doctor, a support service or your family or friends.
You can find further information about online safety, cyber security and helpful tips to protect yourself at the following websites:
Conclusion
We sincerely regret that this incident has occurred, and we would like to apologise for any concern or inconvenience this may cause you.
Should you have any questions or seek more information, please contact us at cyberincident@plmg.com.au.
Yours sincerely
Point Lonsdale Medical Group