Data Breach Information

We’ve become aware of a data security incident that may involve some patients’ personal information that sits on our practice’s email server.

Our investigation hasn’t identified any evidence that data was taken from the server, but we wanted to let impacted patients know out of precaution so you can keep vigilant to any suspicious behaviour.

We have contacted impacted patients but if you’re concerned, please contact us directly on privacy@symesdesilva.co.nz

What happened?

We’ve become aware of unauthorised access to our email server. Between 10-28 April 2021, malicious software was installed on one of our email servers, which has now been removed. It didn’t affect our main patient database.

We carried out forensic analysis on the server and didn’t identify any evidence that any information has been obtained or misused by a third party. However the affected email server did contain some personal information which was potentially exposed for a period of time. The types of information on the server included names, phone numbers, addresses, dates of birth and health information (including dental photos and scans, procedure information, insurance claims, referrals and reports).

What are we doing?

We’re working with a team of cyber security experts and have removed the malware from our systems. We’ve also taken steps to ensure the security of our practice network, including resetting all system passwords and ongoing active monitoring to ensure that our information security isn’t compromised.

We’ve also reported this data breach to New Zealand’s Office of the Privacy Commissioner.

What can you do?

As a precaution, we suggest patients remain alert for any suspicious messages and account activity, and contact the New Zealand Police and/or Netsafe (netsafe.org.nz) if you have any concerns.

We sincerely apologise for any anxiety and inconvenience this breach may cause, and wish to emphasise that this security breach hasn’t impacted the care we provide our patients.

If you have any other questions or concerns, please contact us directly by sending an email to privacy@symesdesilva.co.nz

You also have a right to make a complaint to the NZ Privacy Commissioner by calling 0800 803 909 or visiting https://www.privacy.org.nz/your-rights/making-a-complaint