A cyber attack on Castlemaine's CHIRP Community Health has exposed client registration data, including names, addresses, Medicare numbers and service enrolment, such as alcohol and drug programs.
CHIRP Community Health chief executive Dianne Couch penned a letter to the organisation's website on Thursday, outlining the breach, which came to light on September 18.
The unauthorised access of the IT system was found by the organisation's IT provider, who detected unusual activity on the system.
READ MORE:
CHIRP, located at 13 Mostyn Street, Castlemaine, provides community health services and programs, including family and housing services, alcohol and drug programs and exercise groups.
Ms Couch said an attempt to run spam emails using CHIRP's IT systems was successfully shut down, however an investigation indicated historical client registration information from 2005 to 2014, stored on the system, had been viewed.
"There was no evidence that personal information was removed from our system and an investigation has shown it has not been published on the internet," Ms Couch said.
"Investigations indicate the intruder's intention was to send spam emails to people from CHIRP's system.
"An investigation by an independent specialist cybersecurity firm found that old client registration information had been viewed, but there was no evidence or indication it had been copied."
The information stored on the system included name, address, phone number, date of birth and Medicare number.
It also contained health program enrolment data, indicating the services people may have registered for, such as chronic disease and alcohol and drug services and the date registered.
CHIRP said it took immediate action upon discovering the incident, including notifying the Victorian Department of Health and Human Services and working with IDCARE, Australia's specialist identity security community service to understand the risk to impact people and arrange support.
Impacted clients have been contacted to advise them of the potential exposure and warned, in the event they receive any unusual message or contact.
IDCARE case managers can be contacted on 1800 595 160.
The original message can be found here.
