Further update in relation to recent cyber incident
In April 2026, we posted an update on our website in relation to a cyber incident Holdsworth House experienced, during which an unauthorised third party accessed a part of our IT systems.
What happened?
As soon as we became aware of the cyber incident, we engaged experts to provide us with advice.
We are now in a position where we know more about what occurred and can share accurate information with our community and patients.
Our experts have confirmed the incident is contained.
What have we done?
As previously advised, based on current information, we confirm that the patient management system, where full medical records are stored, has not been identified as one of the systems accessed by the unauthorised third party. We also have access to all our medical and clinical records that were unavailable for a period.
Separate to this, with the assistance of our experts, we carried out a comprehensive investigation into the incident and have identified that some personal information, stored on a different part of our IT systems, was potentially accessed by the unauthorised third party.
We have notified the Office of the Australian Information Commissioner, Australian Cyber Security Centre and law enforcement of the incident.
What information was potentially involved?
Given the nature of the incident, our cyber experts have advised they cannot ascertain with certainty whether individual files were accessed, so it is not practicable to notify members of our community individually. This is particularly so in circumstances where information may not have been impacted, which could cause undue alarm and potentially lead individuals to take a series of unnecessary steps.
However, we can confirm the types of personal information held on impacted systems include contact details (name, email, address, phone number, dates of birth), health information (health summaries, discharge letters and referral letters), documents related to insurance matters (patient information requests from insurers), Medicare card information, Centrelink information, legal documents (subpoenas) and employee records (including tax file numbers). Please note that the type of information differs for individuals based on the type of information we have collected.
Importantly, we have ongoing monitoring in place, and at this time, there is no evidence of any data being published online or misused in connection with this incident.
What steps can you take?
Based on the types of information potentially accessed, we provide the below information:
Basic personal and contact information
Access to this information can lead to scam or phishing attempts.
In line with expert guidance, we provide the following steps that you may consider taking to mitigate cyber risks and online scams:
- remain alert to any suspicious email, SMS or telephone communications that are disguised to look like they come from someone you know or trust;
- monitor your bank statements closely for unusual transactions and advise your bank if you identify anything suspicious;
- verify communications by confirming the identity of the sender and avoiding clicking suspicious links. This includes checking email names and domains, by hovering your mouse over the sender’s email address. If you are unsure, ask someone you know to check before you share any information; and
- be alert to phishing scams. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords or credit card numbers often by creating a sense of urgency. These scams could target you through post, phone or email.
Further information is available:
- www.scamwatch.gov.au - about how to avoid scams;
- www.cyber.gov.au - about online safety and cyber security; and
- https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/ - about how to protect your identity.
Health information
We understand individuals may have concerns. However, our experts have advised that there is a low risk that this information will be targeted for misuse. Cyber groups typically seek out other types of information that can be more easily manipulated for financial gain (such as active credit card information). If you experience any distress about this incident, we encourage you to contact our expert team using the contact details below or speak with a medical practitioner.
Medicare card information and Centrelink information
Our experts have advised that where only a Medicare card number or Centrelink Reference Number (CRN) on their own are involved in a cyber incident, this carries a relatively lower risk of harm (compared with scanned identification documents), as numbers alone are unlikely to be used to verify identity.
If you have concerns, we recommend that you contact Services Australia to obtain further information on how you can protect this information via the website https://www.servicesaustralia.gov.au/databreach. This may include placing additional authentication measures on your account.
Tax File Number (TFN)
As a precautionary step, we contacted the Australian Taxation Office (ATO) to notify it of the cyber incident. The ATO has implemented additional layers of protection on employee TFNs to minimise any risk of misuse. If you would like further information about steps you can take to further protect your TFN, contact the ATO Client Identity Support Centre on 1800 467 033 between 8am and 6pm AEST, Monday to Friday.
Superannuation information
When your superannuation information is involved in a cyber incident, we recommend that you contact your superannuation fund to advise that your details may have been compromised in a cyber incident and request information on how to place additional layers of security on your account, such as multifactor authentication.
Next steps
We sincerely apologise for any concern or inconvenience the incident has caused. The wellbeing of our staff, doctors, patients and community is our highest priority, and we are committed to providing you with the support you need in response to this incident.
If you would like further information on the incident, how it may impact you, or the steps you can take to protect your information, please contact us at cyberincident@holdsworthhouse.com.au and our team of experts will respond as quickly as possible.
We thank you for your understanding and support during this time.
Important notice about a cyber incident
Holdsworth House recently experienced an IT outage affecting its Brisbane and Sydney practices. The outage was the result of a cyber incident, during which an unauthorised third party accessed a part of our IT systems.
Upon discovery we immediately took steps to secure our systems and engaged leading cyber security experts to provide advice. Our experts were able to quickly contain the incident and restore our systems, with minimal impact to our day-to-day operations.
Our practice remains fully operational, and our commitment to providing high-quality care is unchanged.
Our investigation into the incident remains ongoing.
Based on the information currently available, our patient management system, where full medical records are stored, has not been identified as one of the systems accessed by the unauthorised third party. However, the incident affected other parts of our IT environment, and as a result we are currently operating with limited access to some recent patient records and clinical records, as detailed further below.
Our experts have confirmed that they have not identified any evidence of publication or misuse of our data in relation to the incident. This monitoring is ongoing.
We have notified the Office of the Australian Information Commissioner, Australian Cyber Security Centre and law enforcement of the incident.
Cyber incidents are complex and take time to investigate accurately. We will provide relevant updates as soon as we learn more from our investigation.
What can you do?
To ensure we can continue to provide safe and appropriate care, we are undertaking a process of recollecting patient information. We kindly ask that you bring the following information to your next appointment, where available, for the period from August 2025 to now:
- medication lists, including any allergies;
- care plans or specialist referrals;
- pathology test results and imaging reports;
- vaccination or immunisation history;
- recent hospital discharge summaries;
- correspondence from other doctors, specialists or allied health professionals; and
- any other relevant medical information.
Our patients’ wellbeing is our highest priority.
Protecting your identity
As a precautionary measure, we recommend all patients remain vigilant and consider the following cyber safe best practices in respect of their personal data security:
- remain alert to any suspicious email, SMS or telephone communications that are disguised to look like they come from someone you know or trust;
- monitor accounts, including bank and Medicare records, for any unusual activity or transactions; and
- be alert to phishing scams. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords or credit card numbers often by creating a sense of urgency. These scams could target you through post, phone or email.
If you have any questions or concerns, please contact our dedicated support team at cyberIncident@holdsworthhouse.com.au. We sincerely apologise for any concern or inconvenience the incident may cause, and we thank you for your understanding and support during this time.
