Cyber Attack Incident

Public Notification

We regret to report that 1300SMILES Dentists has recently experienced a data breach incident that involves some personal information contained within the 1300SMILES Dentist Buderim practice reception email account.

Because of variations in the types of records involved, not all patients whose personal information was contained in those records are affected in the same way. Unfortunately, some patients may be more seriously impacted as a result, although we are currently not aware of any harm arising from the incident.

We are in the process of contacting patients who are likely to have been seriously impacted by the incident. However, there are a number of patients in this category we have not been able to reach, typically because we do not have current contact details on file. As a result, we have decided to update all patients. If you have concerns about your personal information as a result, you can reach out to us at privacy@1300smiles.com.au.

The security of the personal information we hold about patients is important to us, and we want to apologise to all patients – whether affected by the incident or not. We also wanted to let you know what happened, what steps we took, and our recommendations for patients as a result.

What happened?

1300SMILES Dentists Buderim was the subject of a successful phishing attack that impacted a reception inbox. This mailbox held some personal information about our patients. The mailbox was subsequently accessed by an unauthorised third party.

Once we identified the phishing incident, we immediately limited access to the compromised mailbox. We then commenced a security investigation to resolve the incident. We would like to reassure you that our patient management systems have not been impacted by the incident.

We take the security and privacy of the personal information that we hold about our patients seriously. Since our detection of the incident, we have been undertaking a thorough analysis of the compromised mailbox to identify which individuals may have been affected and how best to contact them.

What we’re doing about it

As soon as we became aware of the incident, we implemented emergency security measures to disable access to our system and reset all passwords. We also disabled access to the mailbox overnight while we investigated the incident. We are currently commencing a review to identify patients who, because of the personal information held in the compromised mailbox, may have been seriously affected by the incident and are in the process of contacting these patients directly where we hold current contact information.

Separately, we also enlisted the assistance of a security specialist to investigate the incident. We are working closely with this expert on making security enhancements to our systems and have implemented procedures to reduce the risk of an incident of this nature reoccurring.

1300SMILES has also partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused. IDCARE’s services are available at no cost to you. If you wish to speak with one of ID Care’s expert Case Managers, please complete an online Get Help form at www.idcare.org or call 1800 595160. When engaging IDCARE, please use the referral code MLMU23.

Note IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday, excluding public holidays

What personal information have we identified as affected by the incident?

From our investigation of the incident, we have determined that certain types of personal information we hold about patients may have been affected. The personal information that has been affected varies by individual, and may include some or a combination of the following:

• Identity information, including your name, contact details and date of birth.
• Medical information, which may include your medical scans, patient reports, medical history.
• Medicare number.
• Other concession card numbers (such as your healthcare card, DVA number or pension number) if you have provided those to us.
• Insurance information.
• Other information including whether you are of Aboriginal or Torres Strait descent.

It is not necessarily the case that the potentially compromised information about you falls into all of these categories. However, we still recommend you follow each guideline in the next section in the interest of reducing your overall risk.

Please note that we are still progressing our investigation and may reach out to you again if further information is identified on you.

What you need to do

We strongly advise that you follow these guidelines to reduce the risk of potential harm in the event your information has been compromised:

1. Obtain a replacement Medicare card or a new Medicare number using either your Medicare online account or the Express Plus Medicare mobile app. Instructions can be found here. If you have provided other concession card identifiers to us, such as your healthcare card, DVA number or pension number, we recommend that you contact the relevant issuing authority of that concession card (e.g. Services Australia, Department of Veterans Affairs) to ask if you can have a new number issued.
2. Remain alert to any calls or emails claiming to be from the Australian Digital Health Agency or Medicare. If in doubt, verify the correspondence separately (such as by contacting these agencies through their publicly listed phone numbers or by accessing it via your MyGov account).
3. Regularly check the information in your My Health Record and report any unauthorised activity to the Australian Digital Health Agency or Medicare. You may also wish to review your My Health Record activity and access notification settings in MyGov.
4. Inform your health insurance provider and bank of this incident and ask them to monitor your accounts for any suspicious activity, such as unauthorised transactions or log-in attempts. Remain alert to any calls or emails claiming to be from these providers. If in doubt, log into your relevant member or customer portal to verify any correspondence.
5. Please avoid clicking on any links or opening any emails that appear to come from 1300SMILES but have a suspicious email address. You can check this by hovering over the link to identify any suspicious email addresses.
6. Be vigilant to any emails from unknown senders and do not open any suspicious email attachments or click on any links within unknown emails. You may find Scamwatch useful to protect yourself from scams.
7. If you have communicated with the 1300SMILES reception email account, change your email account passwords to strong passwords that you have not used for other accounts. If you have emailed yourself online account passwords, we recommend you change these as well.
8. For further guidance and support about how to recognise unusual activity and protect your information, you can reach out to the Australian Cyber Security Centre on 1300 292 371.

Still have questions?

If you would like any more information about this incident, please contact privacy@1300smiles.com.au and someone will respond to you as soon as possible.