On 4th November 2023 we were alerted to an email purporting to be from New Street Medical Centre. The email requested confidential information: Payment Details, Full card information and billing address.
As genuine patients of New Street Medical Centre had been targeted in this email, the following actions were performed in line with our notifiable data breaches policy:
- Setup a notification to all patients emailing New Street Medical Centre that we were aware of a third party acting maliciously and pretending to be New Street Medical Centre.
- Commenced an immediate investigation of all internal and external systems security to determine whether any systems had been breached and if so to what extent.
As a result of the review, some patient information was found to have been accessed from a third- party system that had been breached. Our investigation identified that some information about patients was involved, including: • Email Address • Full Name • Last four digits of credit card information (only)
This incident did NOT affect:
- Full Credit Card Details (last four digits only were stored with a third-party provider)
- Confidential patient medical information
- Address, Contact Information (Mobile), Date of Birth
We take incidents like this very seriously, and with support from our third-party providers have implemented additional security including multifactor authentication to third party provider portals. Additionally, we are in the process of implementing multifactor authentications for all systems with the capability to do so.
To maintain your own security, it is recommended to:
- never open unsolicited email or click on links or attachments.
- replace your passwords regularly.
- Activate Multi-factor authentication for all your email and services to ensure no third party can gain access to your systems.
On behalf of New Street Medical Clinic