What to do if you’ve been affected by the recent Medibank Private and AHM data breach

Data breaches have been a hot topic for a while. Optus and Medibank have been two of the largest data breaches in Australian history, and I am sure there are many more that have not been reported, though not necessarily of the same scale.

The Optus and Medibank data breaches were based on different methods of access.  In the Optus case, the data they held is exposed to other legitimate third parties (like rebranded Optus resellers) that need to exchange information, in the same way your practice information system links to Hicaps/Tyro, which then communicates with the health funds so they can match the information you are providing to what they have.  In the Optus case, it simply wasn’t protected like other systems are.

More information available here: How Did the Optus Data Breach Happen? | UpGuard

In Medibank’s case it was far worse: the attackers gained access to internal systems through the theft of login credentials of someone with a high level of system access.  They could have been connected for an unknown period, as they had the access they needed to place their own backdoors into the system.  (Note: in most cases where we maintain a separate server, the credentials for that server are usually kept with us at Data Vision and very rarely provided to the practice itself or any third party.  If access is needed, we provide access to the practice or third-party vendor.)

More information available: Three Law Firms Team Up to Seek Compensation From Medibank for Data Breach (gizmodo.com.au)

Some of you would have received an email from Medibank regarding Health provider details, including names, provider numbers and addresses being accessed.

Below is a note from the following page: Provider cyber event information | Medibank

From a provider’s viewpoint:

Your health provider number: Services Australia has advised the following:

A Medicare provider number uniquely identifies both the provider and the place they work. These are publicly available numbers that are printed on health certificates, and patient referrals and invoices.

Please be assured a provider number is not enough information for a criminal to access Medicare records or claiming systems. These claiming systems include security measures to prevent unauthorised access.

As an additional measure of security, if providers need to update their bank account details, this can be done online through HPOS – Services Australia.

If you’re concerned that your provider number has been exposed, you don’t need to request a new provider number. If you suspect someone may be committing fraud against Medicare, you can report it on the Reporting fraud – Contact us – Services Australia.

From a patient’s viewpoint:

What to do if you’ve been affected by the recent Medibank Private and AHM data breach:

Please be assured people can’t access your Medicare details with just your Medicare card number.

If Medibank Private or AHM has advised you that your Medicare card number was exposed and you’re concerned, you can replace your Medicare card.

The easiest way to do this is by using your Medicare online account through myGov. Find out how to replace your Medicare card online.

We’re also putting in place additional security measures to protect your information.  The above information is from: What to do if you’ve been affected by the recent Medibank Private and AHM data breach (servicesaustralia.gov.au)

Protecting your personal information after a data breach:  Protecting your personal information after a data breach – Managing your money – Services Australia

What I would do personally as an individual/business:

If both my driver’s licence details and Medicare details were exposed, I would replace both.  Why?  Both sets of information usually form identification and can be used for identity theft purposes.

There is help if you feel identity theft has already occurred: Medibank (idcare.org) 

The link above has some great reading and breaks it down into Current Scam Activity, Precautionary measures etc.

Below is more information for Driver’s licence regarding the Optus breach:

Replace drivers licence: Driver Licence information (optus.com.au)  & Service SA – Optus Data Breach

My 2 Top tips are:

Number 1: Place multi-factor authentication on emails, bank accounts and external access to your work network; basically, any internet-facing application.  It might take an extra 10 seconds each time, but it will save a lifetime of regret!

Number 2: If an email originated from outside of the organisation, do not click links or open attachments unless you recognise the sender and know the content is safe. Never enter your username or password!

Side note: Fingerprint authentication – not recommended, and I will explain why.  I was driving my 21-year-old son and one of his friends. During conversation we talked about many things, and his friend mentioned he drank too much at a Christmas party for a law firm he works for (he said possible drugging, but who knows).  He was walking down Rundle Mall late afterwards and ended up passing out.  While he was passed out, someone managed to get into his phone by using his thumb/fingerprint and could gain access to the phone, messages etc.  They did try to access his bank accounts but didn’t manage to get through; they got close.  I would say the same goes for facial recognition.

Some further reading:

This resource is from Business SA and is a quick read but contains some very important information:  How to avert a cyber attack: The 8 essential areas to focus your efforts | Business SA (business-sa.com)

Other useful links: ACSC Homepage | Cyber.gov.au & For small business Small & medium businesses | Cyber.gov.au

Optus and recent Data breach

Unless you don’t read the news, you would be well aware of the recent data breach that happened at Optus.  It can happen anywhere, and sadly they do get smarter and most of us humans are too trusting.

We are an Optus customer with the business. We have over 10 services with them for mobiles, and more than likely all the information about me personally is on file; not my staff’s, but my own.

Am I worried?  Very much so!

Am I going to panic?  Not at this stage but I am going to be very vigilant on what comes across my emails and mobile phone.

So if you are an Optus customer, read on and take into account the article I have a link to below from the ABC website which is quite useful and has some useful links.

“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers,” the telco said in a statement at the time.

Below is a link from the ABC news which is worth a read even if you are not an Optus customer.

https://www.abc.net.au/news/2022-09-23/optus-breach-what-to-do-if-your-id-passport-license-stolen/101468406?utm_campaign=abc_news_web&utm_content=link&utm_medium=content_shared&utm_source=abc_news_web

Quick summary:

What should Optus customers do now?

Optus is still encouraging customers to be “extra vigilant”.

The telco company says this means:    

Look out for any suspicious or unexpected activity across your online accounts and report any fraudulent activity immediately to your provider

Look out for suspicious emails, texts, phone calls or messages on social media

Never click on any links that look suspicious or provide passwords, personal or financial information

Scamwatch has advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.

The Australian Consumer and Competition Commission (ACCC) said any Optus customers who suspect they are victims of fraud should request a ban on their credit records and be highly sceptical of unexpected calls from people claiming to represent banks or government agencies.

Good luck, be vigilant

And remember, if you ever click on a link and it asks you for your username and password to your email, never provide it unless you are 200% sure it is valid, and even then, think about it and double check.  I know one of the simplest hacks is they ask you to click on a link and then enter your details to read a document they sent.

The above link does not ask you for anything.


Managed IT Services from $6 per day

A dentist would never simply treat symptoms.

They practice preventative dentistry in an effort to give their patients the best quality care. IT management should be tackled in the same way. A proactive, preventative approach boasts efficiency, performance and availability saving you downtime and money.

Backup monitoring is included in the basic plans.  For more information contact us on 08 82771 6333 or email.

Scale and Clean for the PC

As a practitioner, you are no doubt highly aware of hygiene and cleanliness in your practice, but have you looked inside your PCs lately?

The pictures shown below are from a computer that we recently repaired.  The dust was so thick over the fan on the CPU it caused it to be ineffective and stopped the fan from cooling the CPU.  The temperature rose from a standard 40 degrees up to 98 degrees within 10 minutes.  This also caused the hard disk to fail so badly we were lucky to get any data to transfer.

You and your staff are the engines of your business success, but your PCs are the engines of your practice management. If your server crashed, how would you find your patient records, appointments, charts or financial records? How would you bill a patient?

If you have been diligent with your backups, you will get yesterday’s data back; if you have not, you can probably kiss your business goodbye.

All PCs can benefit from a little regular physical housekeeping. You see, a PC’s constantly whirring fans draw in a huge volume of air. Even in a seemingly clean environment, the amount of dust and dirt that can build up inside a PC’s case is nothing short of astonishing. This layer of dust literally acts like a sweater on your PC’s delicate electronics, preventing them from getting rid of their heat, and heat is the enemy of all electronics.

At best, excess heat will shorten the life of a PC; if allowed to worsen, it may cause erratic behaviour, data errors, spontaneous reboots, and other intermittent problems; and in the worst cases, a PC can literally cook itself to death.

Damp air and moisture can also damage a dusty PC as the dust can absorb moisture and cause the internal components to short out or corrode.

It is a good idea to get your computer hardware maintenance checked and cleaned regularly to avoid down time and loss of data.  I would suggest a clean out every 12 months.


Recent Observations by Davide

Whenever I go onsite, 95% of the time I get “oh, while you are here, can you….”  If time permits I usually get it sorted pretty quickly or organise for one of the staff to remote in.

Recently I was providing some training for SMS messages, and I thought I would check the backups (even without being asked) after some of the recent events we have had.  Well, sure enough there were errors, and from what I could determine backups hadn’t run for over 3 months or longer.  What made it worse was that they had an oasis upgrade plus x-ray software installed sometime after the original backup process was set up 4 years ago.  That information was not being backed up.  Staff changes didn’t help the matter, and no formal training or handover was given.

I quickly fixed it up and spoke to the staff member and let her know what was going on.

I just cannot emphasise enough how important it is that regular maintenance of the server and its backup is done every 3 months.  Data restoration testing should be carried out regularly, where the backup drives/devices can be sent in to us for testing.
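Both problems in the observation above (a backup job that quietly stopped succeeding, and data folders created after the job was set up) can be caught by a scheduled check. The following is an added example, not part of the original post or Data Vision's own tooling; the job record layout, the folder names and the two-day tolerance are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath


def audit_backup(job, data_dirs, now, max_age=timedelta(days=2)):
    """Return (problem, detail) findings for one backup job.

    job       -- hypothetical record: name, last_success (datetime or None),
                 sources (folders the job was configured to copy)
    data_dirs -- folders that currently hold practice data on the server
    """
    findings = []
    last_ok = job.get("last_success")
    if last_ok is None:
        findings.append(("never_succeeded", job["name"]))
    elif now - last_ok > max_age:
        age = (now - last_ok).days
        findings.append(("stale", f"{job['name']}: last success {age} days ago"))

    # A data folder is covered only if it is a configured source or sits
    # beneath one. PureWindowsPath compares case-insensitively and by path
    # component, so D:\PracticeDB_v2 is not mistaken for D:\PracticeData.
    sources = [PureWindowsPath(s) for s in job["sources"]]
    for d in data_dirs:
        p = PureWindowsPath(d)
        if not any(src == p or src in p.parents for src in sources):
            findings.append(("not_in_backup", d))
    return findings


# Constructed sample data: a job set up years ago, with software added later.
SAMPLE_JOB = {
    "name": "nightly-usb",
    "last_success": datetime(2023, 1, 5, 22, 0),
    "sources": [r"D:\PracticeData", r"C:\Users\Reception\Documents"],
}
SAMPLE_DIRS = [
    r"d:\practicedata\Appointments",  # covered by the first source
    r"D:\XrayImages",                 # installed after the job was configured
    r"D:\PracticeDB_v2",              # created by a later upgrade
]
NOW = datetime(2023, 4, 20, 9, 0)

if __name__ == "__main__":
    for problem, detail in audit_backup(SAMPLE_JOB, SAMPLE_DIRS, NOW):
        print(f"[{problem}] {detail}")
```

A check like this only shows that the job ran and what it was told to copy; it does not replace the restoration testing described above.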

Call us to book an onsite server check where we will check security updates, patches, general hardware health, backups and we will take a backup drive away for testing at our office and return it by express post.

The value of having a Real-Time Disaster Recovery solution

With current world events, disaster recovery is now top of mind for many practice owners. Like insurance policies, waiting until after the disaster strikes is too late. Disasters are not always due to natural events, so let’s explore an everyday problem that can quickly escalate into a disaster situation.  It is 11:31am – your critical server has just crashed. What do you do? Hopefully your server is repaired / replaced by 3pm; it then takes 4 – 6 hours to re-install the operating system, service packs, applications, updates, etc. It takes another 8 hours to restore your data back from tape. Your practice has no access to the appointment book for the whole day and you have just lost several hours of financial and clinical transactions. What is the business impact? How much information have you just lost? How much money have you lost?

There is an easier, faster and more affordable solution now available: StorageCraft® ShadowProtect® with VirtualBoot™ technology. That same server, regardless of its size, can now be restored by typically 11:35 to its ExactState™ from less than 30 minutes ago, delivering previously unattainable levels of business continuity for all your Windows servers, including database servers etc. Additionally, files can be restored in seconds, and it includes automated migration capabilities starting from just $770 ex GST per server.


Support for Windows 7 has ended

After 10 years, support for Windows 7 ended on 14 January 2020. We know change can be difficult, so we are here to help you with recommendations for what to do next and to answer questions about end of support.

As of 14 January 2020, your computer running Windows 7 will still function but Microsoft will no longer provide the following:

  • Technical support for any issues
  • Software updates
  • Security updates or fixes

While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware. Going forward, the best way for you to stay secure is on Windows 10. And the best way to experience Windows 10 is on a new PC. While it is possible to install Windows 10 on your older device, it is not recommended.

Microsoft ends support for Windows XP & Office 2003

On April 8, 2014, support and updates for Windows XP and Office 2003 are no longer available. Don’t let your PC go unprotected.

If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.

An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—new drivers for your hardware and more.

What to do immediately:

  • Call us to check your current computers do have the latest security updates applied
  • Ensure your Anti Virus software is updated to the latest version and Virus signature is updated
  • Adobe is updated to the latest version and security updates
  • Java is updated to the latest version and security updates
  • Use of Google Chrome or other browser as Internet Explorer 8 lacks compatibility with new websites
  • Budget for either upgrades to existing computers or purchase of new computers
  • Budget for possible digital equipment requiring replacement as there are no longer drivers or support for Windows 7 and higher

Data Vision Australia announced as ADASA Business Partner for IT services to their members

Data Vision Australia win the tender for information technology services to the South Australian members of the Australian Dental Association (ADASA).

Special Offers for ADASA members include:

  • Data Vision Australia will offer the Association’s members a free IT ‘check-up’.  This consultation will analyse members’ current IT practice management and IT systems and suggest any possible improvements.  Excludes any travel costs to any practices outside of the Adelaide Metropolitan area