JewishCare NSW, a healthcare provider for those in the Australian Jewish community, has disclosed a major data breach.
The healthcare firm said that on 28 October, it discovered that it had suffered a cyber incident and that data may have been compromised and posted on the dark web.
While the data exfiltrated varies from person to person depending on the individual's relationship with JewishCare, current and former clients, staff, volunteers, donors and suppliers were all affected.
Client data – dates of birth, phone numbers, email addresses, residential/postal addresses, bank account information, credit card details and statements, identity documents such as Medicare cards, passports and licenses, photos, next-of-kin data and other family information, wills, incident reports, court orders, including domestic violence family orders, information shared between clients and JewishCare, including on-call logs, service instructions, consent forms, service level agreements, funding information and allocation letters, and health and medical data, including do-not-resuscitate plans, client and provider assessments, Medicare details, medical history and care plans.
Donor data – donor IDs, contact information such as emails, phone numbers and residential/postal addresses, payment details, history of payments and communications with JewishCare, which could contain personal experiences, health information about individuals and their loved ones and more.
Staff data – birth dates, contact and emergency contact information, including emails, phone numbers and residential/postal addresses; onboarding information and documents such as passports, driver’s licenses, Medicare card scans, background check information and visa data; employee-specific information, including bank account, superannuation, TFN, salary package and remuneration, PAYG details, payslips, timesheets, payroll details, employee file data, including Centrelink details, expense reimbursements, absence details, performance, illness and other employment records, working with children checks, child support information, criminal checks and NDIS worker checks.
Volunteer data – birth dates, contact and emergency contact information such as emails, phone numbers and residential/postal addresses; volunteer onboarding information and documents such as passports, driver’s licenses, Medicare card scans, background check information and visa information; volunteer file information, including Centrelink details, expense reimbursements, absence details, performance, illness and other employment records, working with children checks, criminal checks and NDIS worker checks.
Supplier data – contact information such as emails, phone numbers, and residential/postal addresses, as well as payment details such as bank account information, certificates of currency, and invoice descriptions.
It is worth noting that the data exfiltrated varies from person to person. The lists above do not define how much data was exfiltrated from each person, but rather the data that may have been accessed.
JewishCare said it has notified any individuals it has confirmed as compromised by the data breach, as well as those it believes are at risk.
“Our investigation is ongoing, and we are still working to identify precisely what (and whose) other information may have been impacted as part of the incident,” JewishCare said.
JewishCare said it has engaged cyber experts as part of its investigation and is working with federal and state authorities, including the Australian Cyber Security Centre, the Australian Federal Police, NSW Police, the National Office of Cyber Security, and the Office of the Australian Information Commissioner.
“Our priority has been to try to minimise the impact on our clients, our donors and other stakeholders and our people, and to remediate and restore our systems for safe use,” added the healthcare organisation.
JewishCare also reiterated that “there is nothing to suggest this is a targeted attack on the Jewish community” but said it was still working with law enforcement and agencies as part of its investigation into these concerns.
At this stage, Cyber Daily has not identified the nature of the incident nor a threat actor behind the cyber attack.
Cyber Daily has reached out to JewishCare.