Diabetes WA has disclosed a data breach affecting people who engaged with its telehealth service.
In a breach notice posted Tuesday, the organisation said a “third party” gained “access to the personal information of some … contacts.”
The personal information possibly exposed in the breach includes name, address, date of birth, email, phone number, marital status, Indigenous status, referring doctor, type of diabetes, and Medicare number.
However, the organisation said detailed medical records and clinical information were not accessed.
A spokesperson for Diabetes WA told iTnews that the information accessed related only to people who had contacted the Diabetes WA Telehealth Service.
“It is likely that a sub-section of those contacts will have been members, but our focus has been on ensuring that every affected contact – whether a member or not – has been notified of the breach in the timeliest manner possible.”
The spokesperson said the breach happened via one compromised Diabetes WA user account, which was “promptly closed, thereby blocking the attacker, and stopping any further access to our system.”
Further investigation “revealed the scope of the attack and that the breach had not spread laterally across our systems,” the spokesperson said.
All affected individuals have been contacted, and Diabetes WA has notified the Office of the Australian Information Commissioner.
Because Medicare numbers were breached, the organisation is advising affected individuals to get a new Medicare card number, either online via MyGov or by calling Services Australia.
Diabetes WA said the breach was “quickly detected and fully contained” and is now “under investigation through Diabetes WA’s Cyber Security Response Plan.”
It also advises concerned individuals to seek additional assistance through IDCare.
Diabetes WA provides support services to an estimated 260,000 Western Australians affected by the disease.