We regret to report that 1300SMILES Dentists experienced a data breach incident in 2023 that involves some personal information contained within the 1300SMILES Dentist Buderim practice reception email account.
Because of variations in the types of records involved, not all patients whose personal information was contained in those records are affected in the same way. Unfortunately, some patients may be more seriously impacted as a result, although we are currently not aware of any harm arising from the incident.
We are in the process of contacting patients who are likely to have been seriously impacted by the incident. However, there are a number of patients in this category we have not been able to reach, typically because we do not have current contact details on file. As a result, we have decided to update all patients. If you have concerns about your personal information as a result, you can reach out to us at [email protected].
The security of the personal information we hold about patients is important to us, and we want to apologise to all patients – whether affected by the incident or not. We also wanted to let you know what happened, what steps we took, and our recommendations for patients as a result.
1300SMILES Dentists Buderim was the subject of a successful phishing attack that impacted a reception inbox. This mailbox held some personal information about our patients. The mailbox was subsequently accessed by an unauthorised third party.
Once we identified the phishing incident, we immediately limited access to the compromised mailbox. We then commenced a security investigation to resolve the incident. We would like to reassure you that our patient management systems have not been impacted by the incident.
We take the security and privacy of the personal information that we hold about our patients seriously. Since our detection of the incident, we have been undertaking a thorough analysis of the compromised mailbox to identify which individuals may have been affected and how best to contact them.
As soon as we became aware of the incident, we implemented emergency security measures to disable access to our system and reset all passwords. We also disabled access to the mailbox overnight while we investigated the incident. We are currently commencing a review to identify patients who, because of the personal information held in the compromised mailbox, may have been seriously affected by the incident and are in the process of contacting these patients directly where we hold current contact information.
Separately, we also enlisted the assistance of a security specialist to investigate the incident. We are working closely with this expert on making security enhancements to our systems and have implemented procedures to reduce the risk of an incident of this nature reoccurring.
1300SMILES has also partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused. IDCARE’s services are available at no cost to you. If you wish to speak with one of ID Care’s expert Case Managers, please complete an online Get Help form at www.idcare.org or call 1800 595160. When engaging IDCARE, please use the referral code MLMU23.
Note IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday, excluding public holidays
From our investigation of the incident, we have determined that certain types of personal information we hold about patients may have been affected. The personal information that has been affected varies by individual, and may include some or a combination of the following:
It is not necessarily the case that the potentially compromised information about you falls into all of these categories. However, we still recommend you follow each guideline in the next section in the interest of reducing your overall risk.
Please note that we are still progressing our investigation and may reach out to you again if further information is identified on you.
We strongly advise that you follow these guidelines to reduce the risk of potential harm in the event your information has been compromised:
If you would like any more information about this incident, please contact [email protected] and someone will respond to you as soon as possible.