back to top

Here's What Family Planning NSW Says About The Cyberattack That Exposed Thousands Of Its Patients' Details

The organisation's chief executive said more sensitive medical records held by clinical staff were never under threat.

Posted on

The boss of one of Australia's largest reproductive and sexual health service providers has apologised to the thousands of clients who may have had their personal details compromised after a cyberattack.

Coldsnowstorm / Getty Images

"I just want to apologise so sincerely to all the clients that this has affected," Family Planning NSW (FPNSW) chief executive Ann Brassil said in a press conference on Monday afternoon.

"I want to stress to people that this has absolutely nothing to do with, and has no impact on, our clinical medical records, they've always been secure."

FPNSW was one of several agencies targeted last month by "cyber criminals" who requested a Bitcoin ransom on Anzac Day.

The attack on the organisation's website exposed databases which included information from clients who had contacted the website in the past two-and-a-half years, seeking appointments or leaving feedback.

"There's no evidence that this cyberattack was on Family Planning NSW itself; it was one of a number of attacks that occurred ... to a number of organisations and it appears it was an attack for ransom, so it was financial," she said.

"The ransom said we are shutting down your website and you pay us $15,000 in Bitcoin for us to release the website, and it had a clock ticking down."

Brassil said the databases were now secure and the website had been temporarily shut down to prevent any further data breaches.

"It was the vulnerability in the software that the website was built on," Brassil said.

"This wasn't about family planning this was about a hack to software."

She said FPNSW had been working "hand in glove" with the organisation's digital security provider Adelphi to improve the site's security.

FPNSW offers expertise on contraception, pregnancy options, sexually transmissible infections (STIs), sexuality and sexual function, menstruation, menopause, common gynaecological and vaginal problems, cervical screening, breast awareness and men’s sexual health, and has fixed clinics in Ashfield, Fairfield, Penrith, Newcastle and Dubbo. It has more than 28,000 client visits annually.

FPNSW sent an email to its clients on Monday morning reassuring patients the databases compromised did not connect with the "internal medical records".

FPNSW has notified the Australian Federal Police and is working to standards set by the Office of the Australian Information Commissioner following this attack, the organisation said in a statement.

It has also established a dedicated phone line 1800 957 860, operating from 9am to 5pm Monday to Friday, and has a dedicated email respond@fpnsw.org.au to connect concerned individuals with more information.

Gina Rushton is a breaking news reporter for BuzzFeed News and is based in Sydney.

Contact Gina Rushton at gina.rushton@buzzfeed.com.

Got a confidential tip? Submit it here.