Important Security Update

Published: 21 July 2024

Further Important Security Update - 21 July 2024

We regret to inform you that we have become aware of a security incident affecting our retail operations trading as “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology”, “HearClear Audiology” and “Brad Hutchinson Hearing”. A dormant entity in Australia is also affected. 

On 5 July 2024, we became aware of a ransomware attack which encrypted data on several systems and impacted a number of our applications. The threat actor also claimed to have stolen data from our network, although so far this has not been verified. As at the date of this notice, however, we do know there was unauthorized access by the threat actor. As soon as we became aware of the incident, we took immediate steps to contain the incident and secure our systems, and our response team is working hard to investigate and identify what personal information has been affected by this incident.

We have notified the incident to the Office of the Australian Information Commissioner, the New Zealand Office of the Privacy Commissioner and law enforcement in both countries and will continue to liaise with those authorities.

Our current understanding is that a range of personal information of:

  • current and former patients of “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology” and “HearClear Audiology” may be involved, including name, address information, contact information, date of birth, gender, insurance information, health information, financial information and government related identifiers; and
  • employees and contractors may also be involved (if you are a former employee or contractor of any of the above retail operations, “Brad Hutchinson Hearing” or of the dormant entity, Widex Australia Pty Ltd, please click here).

Some personal information of other individuals (such as healthcare professionals, other contacts/powers of attorney of patients, vendors and next of kin of employees/contractors) may also be involved including names, contact information, address information, relationships to patients or employees/contractors, physician numbers and financial information of vendors.

At this stage, we believe the incident was restricted to our retail operation’s systems and did not impact our wholesale networks.

Investigations are ongoing and we are still assessing the categories of information that may be impacted. We will publish further updates on the categories of information affected and any risks we identify as we find out more.

We know this is a concerning development but rest assured your privacy and security are of utmost importance to us. We sincerely apologise for any distress this incident may have caused.

If we confirm that any individual’s personal information has been exfiltrated by the threat actor, we will write to those individuals to confirm this and recommend steps those individuals can take to protect themselves, where required by law and provided we have a means of practicably doing so.

In the interim, we urge all our patients and others potentially affected by this incident to be vigilant regarding all online and phone communications and transactions. Please consider updating your passwords and activate multi-factor authentication wherever possible, and maintain good online safety practices, including avoiding opening messages or clicking on links from unknown senders.

To support patients and others potentially affected by this incident during this time, we have also partnered with IDCare, Australasia’s national identity and cyber support community service. Their expert Case Managers can assist with any concerns related to personal information risks. These services are provided at no cost to you. You can complete an online Get Help form at www.idcare.org or call 1800 595 160 (AU). A unique referral code will be provided to you if you are impacted by this incident. Along with IDCare, the Privacy Commissioners’ offices have good resources regarding what you can do to protect yourself and also receive complaints (for Australia, see https://www.oaic.gov.au/).

Please continue to stay alert and report any suspicious activity. If you believe that you may be impacted by the incident, please monitor our website for further updates. Alternatively, you may contact us in relation to the incident by emailing support@bloomhearing.com.au.

Published: 9 July 2024

We regret to inform you that we have become aware of a security incident affecting our retail operations trading as “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology”, “HearClear Audiology” and “Brad Hutchinson Hearing”.

On 5 July 2024, we detected a security incident after we were contacted by a third party claiming to have stolen data from our network which has impacted several applications.

We took immediate steps to contain the incident and are working around the clock to investigate and understand what kinds of information have been affected by this incident and the likely impact on any affected individuals.

Our current understanding is there is a likelihood a range of personal information of:

  • patients may be involved, including name, address information, contact information, date of birth, gender, insurance information, health information, financial information and government related identifiers.
  • employees and contractors may also be involved, including name, address information, contact information, date of birth, financial information, superannuation information, social services information, tax information and government related identifiers.

Some personal information of other individuals (such as healthcare professionals, other contacts/powers of attorney of patients, vendors and next of kin of employees) may also be involved.

We will provide further updates as soon as practicable, and all information provided is subject to further confirmation following the completion of forensic investigations.

The privacy of patients, staff and others is of great importance to us, and we sincerely apologise for any distress this incident has caused. We urge our patients, staff and others potentially affected by this incident to be vigilant regarding all online communications and transactions, including phishing via email, SMS or phone, not opening texts from unknown numbers, and to consider updating your passwords to use strong passwords and activate multi-factor authentication.

We will identify any other recommended steps that individuals might take to reduce the risk that they experience serious harm as a result of this incident once we have confirmed what kinds of information have been affected by this incident and the likely impact of this incident on any affected individuals.

If you believe that you may be impacted by the incident, please monitor our website for further updates. Alternatively, you may contact us in relation to the incident by emailing support@bloomhearing.com.au.