Patient FAQs – Update: 15 July 2024
What has happened?
Since our original notification (which can be found here) we have been working to recover the data that had been encrypted as a result of the cyber incident.
We have been able to recover the majority of patient reports that had been impacted by the cyber incident. If you were previously unable to obtain a copy of a report and you or your referring doctor still require that report, please contact your local clinic, details of which you can find here.
We are now in the process of attempting to recover historical scanned images which may take some time.
We will post further updates on the website as this recovery process progresses.
Has my information been impacted?
Since our last update, we have successfully decrypted our main IT information systems and we have been able to conduct an analysis of potentially impacted data.
If we determine that the Medicare card, Centrelink card or Veteran Card information that you provided to us prior to the cyber incident is current and unexpired, we will make every effort to contact you directly by post no later than the 31st July 2024 and provide you with additional steps that you may wish to consider undertaking to protect your personal information.
We can confirm that Quantum does not collect or store credit card data, nor does Quantum store scanned copies of Medicare cards or other identity cards (such as Centrelink card or Veteran Card).
Will I receive a direct notification?
We are making every effort to write directly to patients where we held valid and unexpired Medicare cards, Veteran Cards, or Centrelink cards.
If you do not receive a letter but believe we held your current Medicare card, Centrelink card, or Veteran Card information prior to the incident, please contact our Support Centre on 1300 059 750.
If I have previously requested a copy of reports or scans, will they now be sent to me, or do I need to contact Quantum again?
Quantum is currently addressing prior requests for reports or scans and, where the necessary paperwork and authority are in place, sending out the requested reports. If you or your legal representative have not received a response by 31st July 2024, please contact the support centre for assistance. Please note at this stage, we are only able to provide copies of reports, copies of scans are still currently unavailable.
Have you updated the authorities?
Yes, we notified New South Wales and Commonwealth regulatory bodies and agencies as soon as we became aware of the cyber incident. With the partial recovery of patient records, we have updated these authorities and notified law enforcement about the latest developments. We will continue to do so if there are any further developments.
Have my Medicare details compromised?
If you have been a patient of Quantum, your Medicare details may have been impacted by this incident. If the information we held about you prior to the incident includes a valid and unexpired Medicare number we will write to you directly and provide you with advice on how to protect the security of your Medicare account, including how to replace your card, should you wish to do so.
If you believe that we did hold information about your current Medicare card prior to the incident and you have not received a letter from us, please contact our cyber incident support centre on 1300 059 750.
Please note, Quantum does not store copies of Medicare cards.
Have my Veteran Card details compromised?
We have reviewed the records of patients who have provided their Veteran Card details and have determined that, taking into account advice from government agencies and given the limited information held, these patients are not required to replace their cards. However, if you are concerned about the security of your Veteran Card details, you can contact the Department of Veteran’s Affairs for further information on 1800 838 372.
I am concerned about the security of my Centrelink account. What should I do?
If you have been a patient of Quantum, your Centrelink Reference Number (CRN) may have been impacted by this incident. If the information we held about you prior to the incident includes a valid CRN we will write to you directly.
You do not need to request a replacement Centrelink concession card (if you have one). If you are concerned about the security of your Centrelink account, you can contact Services Australia to add a verbal password to your account.
Please visit www.servicesaustralia.gov.au/databreach for more information on how you can protect your personal information after a data breach.
Why does Quantum have my information?
Like any other healthcare organisation, we collect personal information where it is necessary for our functions and activities, and we are required to retain certain information for certain periods of time depending on the nature of the data involved and our legal obligations regarding the retention of those records.
Is My Health Record information impacted by this incident?
No. We can confirm that any information connected to My Health Record is not impacted by this incident.
What steps have you taken to ensure the security of your IT systems?
We have rebuilt our systems so that they are stronger and more secure, including:
- a complete rebuild of our server infrastructure;
- upgrading our software to the latest secure versions;
- increased security controls and security awareness;
- an independent review of our cybersecurity practices; and
- a commitment to ongoing cybersecurity reviews.
Can you tell me if my data has been posted on the dark web?
At this stage, there is no evidence to suggest that any of Quantum’s or our patients’ information has been published online. We will update this page if we become aware of any change to this situation.
How will you keep me updated?
We will update the cyber incident notice page on our website with any news or developments.
If you would like any further information, please contact our Support Centre on 1300 059 750
What steps can I take to protect myself online?
We encourage you to take these precautions to protect your personal information:
- Remain alert to any suspicious email, SMS, or telephone communications that are disguised to look like they come from someone you know or trust, including Quantum Radiology. Please note that our official text system is now operational and may notify you about appointments or provide links to access your results. Always ensure the messages are from our official channels. If you are in doubt, please contact your local clinic. Verify the legitimacy of communications by authenticating the sender. Do not respond to the suspicious communication but rather contact the person separately via their usual means of communication to verify the legitimacy of the communication.
- Do not open links that look suspicious and be alert to phishing scams. This could include scams that target you through post or email. Phishing scams are attempts by scammers to trick people into providing their personal information, passwords, credit card numbers and/or sensitive personal information.
- You can find further information about online safety, cyber security and helpful tips at: www.cyber.gov.au/protect-yourself
If you have further questions or concerns, please contact our Support Centre on 1300 059 750
Reach out for support
If you have further questions or are feeling concerned about this incident, our Support Centre is here to provide guidance and support on 1300 059 750.
Please note that we may need to verify your identity if your inquiry relates to personal information held by us.