Family Planning NSW Has Been Hit By A Huge Data Breach Affecting Client Details
If you've booked a sexual health checkup there, your details may be compromised.
Reproductive and sexual health service Family Planning NSW has just revealed it was hacked on Anzac Day this year, in a data breach that could potentially affect anyone who has used the service in the past two-and-a-half years.
In an email sent to all clients this morning, Family Planning NSW apologised for the breach, and emphasised that it did not affect internal medical records. The breach could affect up to 8000 people.
The breach did, however, potentially affect all information submitted via the website’s appointment booking and feedback forms over the past two years — forms which may have included identifying information, appointment types, and potentially information regarding medical conditions experienced by clients.
Family Planning NSW have emailed everyone who has been a client of theirs to let them know they have been hacked. Everyone who contacted them through their website over the past 2 1/2 years to make an appointment or leave feedback has had their information compromised pic.twitter.com/YKmujtzpcg
— Lauren Ingram 🌈 (@laureningram) May 14, 2018
The kinds of appointments offered by Family Planning NSW include sexual health checkups, STI tests, advice on contraception and pregnancy, and other sensitive medical checkups. Given that many services offered by Family Planning are heavily stigmatised, simply the fact that a person had attended a clinic may be considered an incredibly sensitive piece of information.
Family Planning NSW CEO Ann Brassil said the organisation was one of several targeted by financially motivated cyberattacks — the attackers demanded a bitcoin ransom — on April 25. The organisation secured the site by 10am on April 26, and has informed the Australian Federal Police of the breach.
As for why clients were only informed today, nearly three weeks after the breach, Brassil told media today that “as soon as we got the website shut down, which was our absolute priority, then we have spent an enormous amount of time understanding whether there was actually a data breach, and the nature of that data breach.”
“Information security and cyber-crimes remain a significant challenge for all organisations. We are conducting a thorough review of our information security to ensure our clients can continue to trust us for their reproductive and sexual health services,” Brassil said.
“It’s important that people who need reproductive and sexual health services are not deterred by this. Accessing safe, reliable and clinically appropriate care is of vital importance,” she said. “We hope the public will continue to trust us with their healthcare needs.”
The Family Planning NSW website is currently down while security updates are conducted, but clinics are operating as usual. Clients concerned about whether their data was breached can contact the organisation at 1800 957 860 during business hours, or [email protected], to receive more information.