NSW healthcare provider JewishCare suffers comprehensive data breach

NSW healthcare provider JewishCare suffers comprehensive data breach

The healthcare company said it discovered on October 28 that it had been the victim of a cyber incident and that data may have been compromised and posted on the dark web.

Although the data exfiltrated per person varies depending on the relationship the individual had with JewishCare, current and former clients, staff, volunteers, donors and vendors were affected.

Customer data – dates of birth, telephone numbers, email addresses, residential/postal addresses, bank account information, credit card details and statements, identity documents such as Medicare cards, passports and licenses, photos, data on next of kin and other family information, wills, incident reports, court orders, including domestic violence family orders, information shared between clients and JewishCare, including custody logs, service instructions, consent forms, service level agreements, funding information and allocation letters, and health and medical data including do not resuscitate plans, client and provider assessments, Medicare details, medical history and care plans.

Donor data – donor IDs, contact information such as emails, phone numbers and residential/mailing addresses, payment details, payment history and communications with JewishCare, which could contain personal experiences , information on the health of individuals and their loved ones and more.

Personnel data – dates of birth, contact details and emergency contact details, including emails, telephone numbers and residential/mailing addresses; onboarding information and documents such as passports, driver’s licenses, Medicare card scans, background check information and visa data; employee specific information including bank account, superannuation, TFN, salary package and remuneration, PAYG details, payslips, timesheets, payroll details, employee record data including Centrelink details, expense reimbursements, absence details, performance, illness and other employment records, work with children’s checks, pension information food for children, controls criminal and NDIS worker checks.

Volunteer data dates of birth, contact information and emergency contact information such as emails, telephone numbers and residential/mailing addresses; volunteer onboarding information and documents such as passports, driver’s licenses, Medicare card scans, background check information, and visa information; volunteer record information including Centrelink details, expense reimbursements, absence details, performance, illness and other employment records, working with children checks, criminal checks and NDIS worker checks.

Supplier data – contact information such as emails, telephone numbers and residential/mailing addresses, as well as payment details such as bank account information, currency certificates and invoice descriptions.

It should be noted that the data exfiltrated about an individual varies from person to person. The data listed above does not define the quantity of data exfiltrated by each person, but the data possibly consulted.

JewishCare said it has notified everyone confirmed to be compromised by the data breach, as well as those it believes are at risk.

“Our investigation is ongoing and we are still working to identify precisely what (and what) other information may have been impacted as part of the incident,” JewishCare said.

JewishCare said it had engaged cyber experts as part of its investigation and was working with federal and state authorities, including the Australian Cyber ​​Security Centre, Australian Federal Police, New South Wales Police, National Security Bureau. Cybersecurity and the Australian Bureau of Information. Commissioner.

“Our priority has been to try to minimize the impact on our customers, donors and other stakeholders as well as our collaborators, and to remediate and restore our systems for safe use,” the organization added health care.

JewishCare also reiterated that “there is nothing to suggest this was a targeted attack against the Jewish community” but said it was still working with law enforcement and agencies as part of its investigation. on these concerns.

At this point, Cyber ​​Daily has not identified the nature of the incident or the threat actor behind the cyberattack.

Cyber ​​Daily contacted JewishCare.

Watchdog group calls for investigation into X's sneaky new ads

Watchdog group calls for investigation into X’s sneaky new ads

Government is now the city's most popular tech employer

Government is now the city’s most popular tech employer

Leave a Reply

Your email address will not be published. Required fields are marked *