We’ve become aware of unauthorised access to our email server. Between 10-28 April 2021, malicious software was installed on one of our email servers, which has now been removed. It didn’t affect our main patient database.
We carried out forensic analysis on the server and didn’t identify any evidence that any information has been obtained or misused by a third party. However the affected email server did contain some personal information which was potentially exposed for a period of time. The types of information on the server included names, phone numbers, addresses, dates of birth and health information (including dental photos and scans, procedure information, insurance claims, referrals and reports).