Important Security Update

Published: 21 August 2024

Updated: 27 August 2024

Further Important Security Update - 27 August 2024

We regret to inform you that we have become aware of a security incident affecting our retail operations Active Hearing Pty Ltd (trading as “bloom hearing specialists”, “TotalCare Hearing” and “Chris Laird’s YP Audiology”), HearClear Audiology Pty Ltd (trading as “HearClear Audiology”) and Hutchinson Audiology Clinics Pty Ltd (trading as “Brad Hutchinson Hearing”).  Employees and contractors of wholesale entities in Australia (and their other contacts) are also affected.

What happened?

On 5 July 2024, we became aware of a ransomware attack which encrypted data on several of our systems and impacted a number of our applications. We have since verified that there was unauthorised access by the threat actor and that they have stolen data from our network. There is an ongoing risk that the threat actor may publish the stolen data or disclose it to unknown third parties.

Further to the above, we understand that some or all of the stolen data has been (or will soon be) published on the dark web. We encourage individuals and organisations not to look for the stolen data on the dark web. Doing so encourages criminal activity, may cause further harm to affected individuals and may put you at risk of committing cybercrime.

As soon as we became aware of the incident, we took immediate steps to contain it and secure our systems, and our response team is working hard to investigate and identify what personal information has been affected.

We have notified the incident to the Office of the Australian Information Commissioner, the New Zealand Office of the Privacy Commissioner and law enforcement in both countries and will continue to liaise with those authorities as appropriate.

Kinds of personal information concerned

Our current understanding is that a range of personal information of:

  • prospective, current and former patients of Active Hearing Pty Ltd, HearClear Audiology Pty Ltd and Hutchinson Audiology Clinics Pty Ltd may be involved including name, address, contact details (including email addresses and phone numbers), date of birth, gender, health information (including audiograms and other hearing loss information, appointment details and notes and other patient records), insurance information (including account details and claims), other funding source information (including eligibility for workers compensation and government assistance), financial information (including bank account details), government related identifiers (including Medicare numbers, Centrelink numbers, DVA numbers, ADF numbers, NDIS numbers and Driver Licence numbers) and details of other contacts and their relationships to patients (including powers of attorney and next of kin); and
  • current and former employees and contractors of Active Hearing Pty Ltd, HearClear Audiology Pty Ltd, Hutchinson Audiology Clinics Pty Ltd, WS Audiology ANZ Pty Ltd and Widex Australia Pty Ltd may be involved including name, signature, photograph, address, contact details (including email addresses and phone numbers), date of birth, gender, marital status, racial or ethnic origin, nationality or citizenship, financial information (including bank account details, credit card details, debit card details and payroll information), superannuation information (including account and insurance details), social services information (including types of payments such as parental leave and pensions), tax information (including tax file numbers and payment summaries), health information, government related identifiers (including Medicare details, Passport details and Driver Licence details), details of other contacts and their relationships to employees and contractors (including next of kin and children) and various other records (including employee ID and HR files relating to recruitment, background checks, contracts and roles, onboarding, remuneration and benefits, leave, performance, disciplinary action, termination and offboarding).

Some personal information of other individuals (such as healthcare professionals, other contacts and vendors) may also be involved including names, contact details (including email addresses and phone numbers), addresses, physician numbers, relationships of other contacts to individuals and financial information of vendors (including bank account details).

Investigations are ongoing and, if we confirm that other kinds of personal information about individuals have been stolen by the threat actor, we will publish a further update on this webpage where required by law.

We know this is a concerning development but rest assured your privacy and security are of utmost importance to us. We sincerely apologise for any distress this incident may have caused.

Recommended steps affected individuals should take in response

You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you. The kinds of personal information affected may increase the likelihood of you also being targeted by identity-related crime (including identity theft and identity fraud), cyber scam activities and extortion attempts (where criminals contact you and threaten to publish your personal information unless you provide payment to them). That being so, we recommend that you:

  • Be cautious before clicking on links or opening attachments in unsolicited or unexpected emails or messages, no matter how legitimate they appear.
  • Do not be pressured to respond, whether it is by email, message or telephone. Instead, contact the organisation directly using contact details you know to be correct.
  • Be cautious before providing personal or credential information (and never do so in response to an extortion attempt). Any extortion attempts should be reported to law enforcement using the details below.
  • Do not follow technology instructions, including instructions to download apps or software, or give remote access to your computer or mobile device.
  • Be cautious before providing any financial or superannuation account details or any payment (and never do so in response to an extortion attempt). Any extortion attempts should be reported to law enforcement using the details below.
  • Protect your accounts with multifactor authentication, including financial, superannuation, insurance, government, email, work and social media accounts.
  • Log yourself out of those accounts and change your passwords.
  • Use unique and strong passwords.
  • Contact government agencies, your telecommunications providers, utilities providers, insurance providers, superannuation and financial organisations to advise them you have been affected by this incident and request additional security be placed on your account.
  • Contact your employer to advise them you have been affected by this incident and request that additional security be placed on your personal details (including contact details, address, banking and superannuation details).
  • Install antivirus software on your devices and keep them updated with the latest software. This will not prevent all cybercrime, but will reduce the risks. You will still need to remain vigilant.
  • Regularly review your account details and security settings for any online accounts. Check that your contact details are correct, and that changes have not been made to any linked bank accounts or other services.
  • Monitor your account statements, and obtain a copy of your credit report, to check for any suspicious activity. You should report any suspicious activity and, if you suspect fraud or wish to take additional protective measures, you should consider also requesting a ban on your credit report.

To support you during this time, we have partnered with IDCare, Australia and New Zealand’s national identity and cyber support community service. Further information about risks and recommendations, including specific recommendations relating to some of the categories of personal information listed above, is included on a dedicated support page set up for individuals affected by this incident on the IDCare website at https://www.idcare.org/bloom-hearing-specialists-incident-response, and we recommend that you review this information carefully.

In addition to the dedicated support page referred to above, IDCare’s expert Case Managers can assist with any concerns related to personal information risks. These services are provided at no cost to you and we recommend that you use them. You can complete an online Get Help form at www.idcare.org or call 1800 595 160 (AU). A unique referral code will be provided to you if you are impacted by this incident.

If you experience distress, we also recommend seeking mental health support from your doctor or other available support services, examples of which are included below. In an emergency, please call 000.

Other information and resources

Other information and resources are available, including from:

Any individual can report a cybercrime or incident affecting them or someone they know by calling 1300 292 371 or online here: https://www.cyber.gov.au/report-and-recover/report

Mental health support is also available, including from:


Please continue to stay alert and report any suspicious activity. Please also monitor our websites, and the dedicated support page on the IDCare website, for any further updates. If you have specific concerns or wish to seek further guidance, please contact IDCARE via the means above. If IDCARE cannot assist you, or you have further concerns once you’ve contacted IDCARE, you can contact us directly on support@bloomhearing.com.au.

For media enquiries please contact Brigid Glanville +61 407 210 976 / bglanville@gracosway.com.au, Joel Labi +61 450 582 360 / jlabi@gracosway.com.au or Tom Scambler +61 400 335 460 / tom.scambler@gracosway.com.au.



Published: 21 July 2024

Further Important Security Update - 21 July 2024

We regret to inform you that we have become aware of a security incident affecting our retail operations trading as “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology”, “HearClear Audiology” and “Brad Hutchinson Hearing”. A dormant entity in Australia is also affected. 

On 5 July 2024, we became aware of a ransomware attack which encrypted data on several systems and impacted a number of our applications. The threat actor also claimed to have stolen data from our network, although so far this has not been verified. As at the date of this notice, however, we do know there was unauthorized access by the threat actor. As soon as we became aware of the incident, we took immediate steps to contain the incident and secure our systems, and our response team is working hard to investigate and identify what personal information has been affected by this incident.

We have notified the incident to the Office of the Australian Information Commissioner, the New Zealand Office of the Privacy Commissioner and law enforcement in both countries and will continue to liaise with those authorities.

Our current understanding is that a range of personal information of:

  • current and former patients of “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology” and “HearClear Audiology” may be involved, including name, address information, contact information, date of birth, gender, insurance information, health information, financial information and government related identifiers; and
  • employees and contractors may also be involved (if you are a former employee or contractor of any of the above retail operations, “Brad Hutchinson Hearing” or of the dormant entity, Widex Australia Pty Ltd, please click here).

Some personal information of other individuals (such as healthcare professionals, other contacts/powers of attorney of patients, vendors and next of kin of employees/contractors) may also be involved including names, contact information, address information, relationships to patients or employees/contractors, physician numbers and financial information of vendors.

At this stage, we believe the incident was restricted to our retail operation’s systems and did not impact our wholesale networks.

Investigations are ongoing and we are still assessing the categories of information that may be impacted. We will publish further updates on the categories of information affected and any risks we identify as we find out more.

We know this is a concerning development but rest assured your privacy and security are of utmost importance to us. We sincerely apologise for any distress this incident may have caused.

If we confirm that any individual’s personal information has been exfiltrated by the threat actor, we will write to those individuals to confirm this and recommend steps those individuals can take to protect themselves, where required by law and provided we have a means of practicably doing so.

In the interim, we urge all our patients and others potentially affected by this incident to be vigilant regarding all online and phone communications and transactions. Please consider updating your passwords and activating multi-factor authentication wherever possible, and maintain good online safety practices, including avoiding opening messages or clicking on links from unknown senders.

To support patients and others potentially affected by this incident during this time, we have also partnered with IDCare, Australasia’s national identity and cyber support community service. Their expert Case Managers can assist with any concerns related to personal information risks. These services are provided at no cost to you. You can complete an online Get Help form at www.idcare.org or call 1800 595 160 (AU). A unique referral code will be provided to you if you are impacted by this incident. Along with IDCare, the Privacy Commissioners’ offices have good resources regarding what you can do to protect yourself and also receive complaints (for Australia, see https://www.oaic.gov.au/).

Please continue to stay alert and report any suspicious activity. If you believe that you may be impacted by the incident, please monitor our website for further updates. Alternatively, you may contact us in relation to the incident by emailing support@bloomhearing.com.au.


Published: 9 July 2024

We regret to inform you that we have become aware of a security incident affecting our retail operations trading as “bloom hearing specialists”, “TotalCare Hearing”, “Chris Laird’s YP Audiology”, “HearClear Audiology” and “Brad Hutchinson Hearing”.

On 5 July 2024, we detected a security incident after we were contacted by a third party claiming to have stolen data from our network which has impacted several applications.

We took immediate steps to contain the incident and are working around the clock to investigate and understand what kinds of information have been affected by this incident and the likely impact on any affected individuals.

Our current understanding is that there is a likelihood that a range of personal information of:

  • patients may be involved, including name, address information, contact information, date of birth, gender, insurance information, health information, financial information and government related identifiers.
  • employees and contractors may also be involved, including name, address information, contact information, date of birth, financial information, superannuation information, social services information, tax information and government related identifiers.

Some personal information of other individuals (such as healthcare professionals, other contacts/powers of attorney of patients, vendors and next of kin of employees) may also be involved.

We will provide further updates as soon as practicable, and all information provided is subject to further confirmation following the completion of forensic investigations.

The privacy of patients, staff and others is of great importance to us, and we sincerely apologise for any distress this incident has caused. We urge our patients, staff and others potentially affected by this incident to be vigilant regarding all online communications and transactions, including phishing via email, SMS or phone, to avoid opening texts from unknown numbers, and to consider updating your passwords to strong passwords and activating multi-factor authentication.

We will identify any other recommended steps that individuals might take to reduce the risk that they experience serious harm as a result of this incident once we have confirmed what kinds of information have been affected by this incident and the likely impact of this incident on any affected individuals.

If you believe that you may be impacted by the incident, please monitor our website for further updates. Alternatively, you may contact us in relation to the incident by emailing support@bloomhearing.com.au.