HealthEngine Suspects Data Breach After Unauthorized Access to Site

A few days ago, we heard about HealthEngine sharing its users’ data with some compensation lawyers. While the Australian Medical Association is busy in investigating the matter, the firm makes it into the news again. In a press release, the CEO stated that HealthEngine suspects data breach that may have affected a ‘small group’ of their customers.

HealthEngine Suspects Data Breach Affecting 59,600 Users

The online healthcare booking service, HealthEngine suspects data breach after it noticed some unauthorized access to the website. After observing the matter, the CEO, Dr. Marcus Tan, officially informed customers about the incident through a press release. Reportedly, the unknown hackers accessed the Practice Recognition System on the firm’s website.

“Due to an error in the way the HealthEngine website operated, hidden patient feedback information within the code of the webpage was improperly accessed. This information is ordinarily not visible to users of the site,” reads the press release.

The company further confirms that the breached data may include feedback entries of 59,600 patients. Whereas, 75 of these entries might also contain personally identifiable data. Nonetheless, they assure that neither any account details nor any patient records or the information about any other healthcare practice have been leaked.

HealthEngine Began Investigations About The Incident

After the data breach, HealthEngine informed the affected users compromising their personal details. Besides, they have also reported the incident to the Australian Information Commissioner as a gesture of compliance with the data breach reporting law.

“We take data security very seriously, and acted swiftly and decisively when we became aware of the breach, to identify the error and shut down the published patient feedback function of the Patient Recognition System on the website.”

After investigating the source of the breach, they removed patient feedback functionality from their site. They commit not to reinstate the feedback until the issue has been remedied. For the moment, they require no further actions from the users.

The recent incident adds further to a number of recent healthcare data breaches. A few days ago, we reported about the CarePartners data breach that occurred in a somewhat similar manner.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients