NOTICE OF BREACH
We experienced an IT security breach whereby an external party may have accessed information stored on our electronic mail (E-Mail) and file-sharing systems. We are not aware that any of your information has been accessed, used, or compromised; however, I am writing to all our patients and customers to ensure you are informed about this incident.
On 14 February 2022, we noticed that one of our email addresses was sending a phishing invoice to staff and some of our suppliers and customers. Upon investigation, we had found that one of our staff mailboxes had been compromised by an external 'attacker', and data contained within, and accessed by this mailbox, had become accessible to this attacker. To date, our investigations indicate that the intrusion began on 10 February 2022 and ended on 14 February 2022. As you have provided your information to us in the past, we are notifying you about this data breach.
What Information Was Involved?
We believe that the attacker may have been able to access several files and information on our systems at the Skin Health Institute. This may include your first and last name, your address, your phone number and potentially any photos or other personal data provided to us that is stored on our systems.
What Are We Doing?
We are taking this data breach very seriously and undertaking all preventative remedial actions required. I have informed the Skin Health Institute's Board of Management and notified the Australian Information Commissioner's Office that a data breach has occurred. Our IT team has investigated and removed all access by the attacker to our emails and systems. They are also working with cyber-security providers and vendors, are reviewing our systems, processes, and policies to reduce any risk of access to prevent future cyber-attacks, and all staff has changed their passwords.
What Can You Do?
Firstly, we ask that you remain cautious when receiving any emails, particularly if they contain links, attachments, or personal information.
Please do not open any unexpected emails that you receive from us.
If you do receive an email from us, please ensure that the email is relevant to you. If you are concerned, please contact us at [email protected] or call us on (03) 9623 9400 for more information.
I apologise for any inconvenience or distress that this incident may cause. Please rest assured that the Skin Health Institute takes the protection of your data seriously and is taking all advice and actions to prevent any future data breaches.
Chief Executive Officer