Potential Risks

Individually full name is a low risk identity attributes, however in combination with other information (such as address and phone number) scammers engaging you may appear more legitimate.

‍

Recommendations

You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you (such as your name and date of birth for “verification”). For more information on phishing watch IDCARE's what is phishing video here --> https://www.idcare.org/how-to-videos/what-is-phishing.

Never click on links in emails or text messages, no matter how legitimate they appear. Do not be pressured to respond, whether it is by email, text message or telephone. If you want to know whether an organisation tried to get in touch with you, contact the organisation yourself using contact details you know are correct.

Keep being scam vigilant and stay across the latest scams by regularly visiting idcare.org, connecting with our social media, and subscribing to our free online newsletter Cyber Sushi. Another great resource is Scamwatch that collate lots of information and alerts about scams.

Information

The phone number will be the one provided to Quantum Radiology. This could be your mobile or a landline/home phone number.

‍

Potential Risks

The exposure of a phone number can leave you open to being targeted by spam or scam phone calls.

These can appear to be from legitimate phone numbers with local area codes.

They often claim to be an authority or organisation, such as the police, a telecommunication company or a government entity.

The scam-caller may frame the call with a sense of urgency, either in order to avoid a penalty (such as a payment or fine) or to receive a reward (such as a discount).

Scammers may send fraudulent SMS messages to the phone number. These may impersonate a legitimate organisation and include a link to a malicious download or scam website.

For more information on SMS scams please visit IDCARE's fact sheet --> https://www.idcare.org/fact-sheets/sms-scams.

‍

Recommendations

Keep being super vigilant about scams, particularly telephone and SMS scams. Having a little bit of information exposed (such as your full name, address, date of birth, or phone number) can make the job of scammers much easier when convincing people about their deception.

Do not feel pressured to respond to a call or text message. If you think a call may be legitimate, hang up and call the organisation back using details that you know are correct.  Do not accept that it is the real organisation because the Caller ID shows their correct number or name – these can be “spoofed” or masked to appear to be real.

Do not download apps or software (such as AnyDesk or TeamViewer), follow technology instructions, or allow remote access to your device to someone who has called you.

Do not click on links in text messages. Instead, contact the organisation using details you know are correct.

If you think a call may be legitimate, hang up and contact the organisation yourself using contact details you know are correct. Don’t automatically accept it’s the real organisation calling you because the caller ID shows their correct number or name: they can be manipulated to seem genuine.

Information

The physical address will be the one provided to Quantum Radiology.

‍

Potential Risks

For most individuals, physical addresses are considered low risk identity attributes. However, in combination with other attributes (such as your full name, date of birth, email address and phone number) scammers engaging you via email, SMS or telephone may appear more legitimate.

Reports made to IDCARE of cyber criminals physically attending a person’s address are very low. Most scammers and cybercriminals are not in Australia.

Some people can have specific concerns about the exposure of their address details, such as survivors of family and domestic violence or as a result of other personal reasons.

‍

Recommendation

You may wish to discuss your concerns around physical security. You may engage an IDCARE Case Manager with these concerns, please book a time via our Get Help for Individuals Form.

Information

This data breach event included the Medicare number supplied to Quantum Radiology.

‍ 

Potential Risks

Your Medicare card number may be used as a form of identity verification in order to create accounts in your name, including financial accounts, where the institution does not require driver licence or passport details to be provided for the account to be established.

Recommendations

IDCARE recommends that if you believe that the exposure of your Medicare card number presents a broader risk to other accounts (such as financial accounts), then you may wish to apply for a completely new card number using the Services Australia MS011 form. More information on this process can be found online at Services Australia. When completing the form, you will need to select “transfer to a new card”, and have everybody who is listed on your current Medicare card complete their details if they also wish to transfer to a new card number.

You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse

A Report Cyber number has been issued by the Australian Cyber Security Centre in relation to this incident. It is ACSC-8811. This report number can be used to extend the credit bans.

Information  

This includes practitioner name, title, speciality and provider number as well the medical centre contact details.

‍

Potential Risks

A Medicare Provider Number is low-risk identity information, however in combination with other information criminals could use this to appear more legitimate in impersonation scams. This increases the risk of targeted phishing attempts. Targeted phishing attempts could be made via email, text messaging or telephone calls with the criminal using details specific to you and your company. These attempts may include requesting you to update your provider details including those contained in your HPOS account.

Recommendations

IDCARE recommends logging onto your Health Professional Online Services (HPOS) account to check:

• your contact details and bank details are correct and up to date.
• your contact details (email address or phone number) are correct for your HPOS login one time verification code.

If you manage your claims using Medicare Online via MyGov, IDCARE recommends:

• Checking that your contact details, including email address and phone number remain unchanged and are correct.
• Ensure that your banking details registered with Medicare Online are correct and remain unchanged.
• Multi factor authentication is enabled.
• Your other linked services, such as ATO or Centrelink remain unchanged.

If you manage you claims using Medicare Easyclaim IDCARE recommends to:

• Checking that your contact details, including email address and phone number remain unchanged and are correct.
• Ensure that your banking details registered with Medicare Easyclaim. Are correct and remain unchanged.
• Ensure that you are maintaining strong security practices with your EFTPOS terminal.
• If you notice any significant changes in the operation of your EFTPOS terminal, contact the terminal provider immediately with the issue.