Some patients at Meadows Medical Centre in Mullumbimby received an email in the last week stating that Meadows ‘email addresses have been compromised’.
Speaking to The Echo they have assured ‘patients and everyone in our community that no personal or medical information was accessed’.
‘On Wednesday the 9 November 2022, Meadows Medical Centre was the victim of a Phishing attack,’ said Practice Manager, Kristy Van Wyk.
‘One of our email addresses was compromised, and within a matter of minutes, the automated attack spammed large groups of suggested contacts with a fake email from Meadows Medical Centre, containing a link to a New Contract.
‘The email link for a “New Contract Documents Received” is a spam email that was classified as a phishing scam.
This letter attempts to trick the recipient into disclosing their email account log-in credentials by claiming they have been sent documents concerning a new contract.
Some have malicious files attached to them or contain a website link designed to download a malicious file.
‘Within 16 minutes of the first email being sent our email account was shut down and any further emails were prevented from being sent.
‘We immediately advised those affected through an automated message on our phone system, and by follow-up email.
‘Anyone who has received this email should not click on the link. Those that have, should reset their email password and are advised to check any changes to the rules in their email account that now hides or blocks auto-replies or bounce-backs, as this is a sign that their email address has been compromised and is being used to send malicious emails.
‘The relevant authorities, including the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, have been notified and we have been advised that no further action is required at this stage.
‘The Australian Cyber Security Centre has excellent resources on cyber security and we encourage anyone who has concerns regarding this incident, or any other suspicious email activity, to visit cyber.gov.au for further advice.’