Cyber Security Incident
On 13 November 2023, Pound Road Medical Centre (PRMC) was alerted to activity on our systems which indicated a
potential cyber incident had occurred. We have commenced an urgent investigation into that activity and taken
immediate action to contain the incident.
Unfortunately, our investigations have identified that patient data may have been accessed and taken from our systems
by an unauthorised third party.
Our investigations are ongoing, but we take the privacy of our patients incredibly seriously and are inf orming them of
this development, as well as of protective measures they can take to safeguard their information.
What information may have been impacted?
Contact Information
Your contact information (name, address, email address and/or phone number) may have been impacted.
Please look out for scammers – including suspicious emails, texts, phone calls or messages on social media. Never
click on any links that look suspicious, and never provide your passwords, or any personal information.
Health Information
Health information impacted by the incident could include details of the diagnoses, treatment, or recovery of a medical
condition or disability, as well as other health information contained within your medical record.
Health and other sensitive personal information by itself is generally not useful to a cyber-criminal.
However, we acknowledge and understand that it may be upsetting to have your health information accessed. We regret
that this incident has taken place and sincerely apologise for any unease this may cause you.
If you are experiencing any distress, we recommend that you seek health advice from a registered health professional
you know and trust.
Medicare or Pensioner Cards
Medicare card or Pensioner card details may also have been impacted by the incident.
Rest assured, your Medicare card number alone cannot be used to access your Medicare account.
If you have provided us with a scan of your Medicare card, or are concerned about the security of your Medicare
account, you can contact Medicare to obtain a replacement card f ree of charge.
You can do this by:
• using your Medicare online account through myGov
• the Express Plus Medicare mobile app
• calling the Medicare program.
If your pensioner concession card has been impacted, you can replace it by:
• requesting a new card via your myGov account linked to Centrelink
• calling Centrelink on 132 300 or your regular payment line
• visiting a Centrelink Service Centre.
If you are concerned about the security of your Medicare, Centrelink and myGov accounts, please visit
www.servicesaustralia.gov.au/databreach for more information on how you can protect your personal information after
a data breach.
Other Information
PRMC generally does not collect or store patient identity documents or financial information.
If you need more details about the information we hold about you please contact
cyberincident@poundroadmc.com.au.
Preventative Measures
In addition to the above, we encourage our patients to take the following simple preventative steps to protect their
information and avoid any potential scams:
- Look out for scammers – including suspicious emails, texts, phone calls or messages on social media.
- Never click on any links that look suspicious, never provide your passwords, or any personal information.
- Consider changing your online passwords. Use strong passwords and enable multi-factor authentication for your online accounts where possible.
You can also find further information about online safety, cyber security and helpful tips to protect yourself at the following
websites:
• Ways to protect your privacy | OAIC
• ACCC's Scam watch website
• Protect yourself | Cyber.gov.au
What actions has PRMC taken?
We have engaged external forensic experts and are following their advice to ensure the incident has been contained
and that our systems are secure.
We are also reporting the incident to relevant Australian agencies and authorities including the Of f ice of the Australian
Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC).
Conclusion
We regret that this incident has occurred and affected our patients. If you have any questions about the incident itself,
or the inf ormation we hold about you, we kindly request that you contact us on our designated cyber incident email
address at cyberincident@poundroadmc.com.au and a member of our team will respond to your query as soon as
possible. This is the best and most efficient way for us to address any questions you may have.
370-372 Pound Road, Narre Warren South, Vic 3805 Ph: 03 8796 6300 FAX: 03 8794 8489 ABN: 96 319 983 239
Frequently Asked Questions
1. What has occurred?
On 13 November 2024, Pound Road Medical Centre was alerted to activity on our systems which indicated a potential
cyber incident had occurred. We have commenced an urgent investigation into that activity and taken immediate action
to contain the incident.
This investigation is still ongoing with the assistance of external experts.
2. Who has been impacted?
Unfortunately, our investigations have identified that patient data of Pound Road Medical Centre may have been
accessed and taken from our systems by an unauthorised third party.
Whilst our investigations remain ongoing, we take the privacy of our patients incredibly seriously and are informing
them of this development, as well as of protective measures they can take to safeguard their information.
3. What information may have been impacted?
The patient data which may have been accessed includes contact details, health information and the Medicare or
concession card details of our patients.
The health information impacted by this incident could include details of diagnoses, treatment, or recovery of a
medical condition or disability, as well as other health information contained within a patient’s medical record.
4. Has the incident been resolved, and access stopped?
We are currently working with our IT provider and external cybersecurity experts to remediate the incident and further
enhance the security of our systems moving forward.
5. What actions have been taken since the incident occurred?
Once aware of the incident, we worked urgently to contain the threat and investigate what occurred.
We are notifying the relevant Australian regulatory bodies including the Of f ice of the Australian Information
Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) and will follow their guidelines.
6. Has any personal data been published externally?
No. As of 22 November 2024, we are not aware of any impacted personal data relating to our patients that has been
published online.
We will ensure all impacted individuals are kept updated and informed if this changes.
7. Is Pound Road Medical Centre still open?
Our medical centre remains open to all patients so that we can continue to provide the highest quality care.
370-372 Pound Road, Narre Warren South, Vic 3805 Ph: 03 8796 6300 FAX: 03 8794 8489 ABN: 96 319 983 239