Security Breach Exposes Confidential Data of Bloom Hearing Specialists Customers
On July 5, Bloom Hearing Specialists, an audiology services provider operating in Australia and New Zealand, experienced a ransomware attack that resulted in the theft of sensitive data belonging to both current and former patients and staff. The breach was not immediately disclosed to affected individuals, with the company only publishing an “important security update” on its website on July 9. However, customers reported to The Epoch Times that they only received email notifications from the company on August 22, over a month after the breach occurred. The delay in notification has raised concerns among customers, who worry about an increased risk of phishing attacks during this period.
Bloom Hearing operates numerous clinics under its own brand, as well as other brands like HearClear Audiology and Brad Hutchinson Hearing. While the company is ultimately owned by T&W Medical, neither the name T&W Medical nor its associated Australian Company Number are found in the ASIC or Australian Business Register databases. This lack of information raises questions about the company’s ownership and accountability.
The stolen data includes a wide range of personally identifiable information (PII) such as names, addresses, phone numbers, birth dates, and gender. Additionally, health information including audiograms and other hearing loss records, as well as insurance details and financial information, such as bank account details, were compromised. The breach also exposed individuals’ government-related identifiers, including Medicare numbers, Centrelink, DVA, ADF, NDIS, and driver’s license numbers. Furthermore, details of other contacts and their relationships to patients, tax file numbers of employees, and salary information were also taken. The extent of the stolen data makes this breach one of the most extensive to date.
Bloom Hearing has urged affected customers to contact ID Care, a charity that offers identity and cyber support services in Australia and New Zealand. ID Care provides general recommendations and guidance to help individuals navigate the aftermath of a data breach. The audiology services provider has also admitted the risk of the threat actor publishing or disclosing the stolen data to unknown third parties.
Despite taking immediate steps to contain the breach and secure their systems, Bloom Hearing has faced criticism for the over-month-long delay in notifying affected individuals. This delay has heightened concerns about the potential for phishing attacks targeting customers. The company has now informed the Office of the Australian Information Commissioner, the New Zealand Office of the Privacy Commissioner, and law enforcement agencies in both countries about the incident.
As investigations into the breach continue, more details are expected to emerge. Bloom Hearing has assured affected individuals that its response team is working diligently to identify the extent of the personal information that has been compromised. In the meantime, the company has provided resources for mental health support and assistance through ID Care. It is crucial for affected customers to remain vigilant and take necessary precautions to protect themselves from potential cyber threats stemming from this security breach.
In conclusion, this incident serves as a reminder of the increasing frequency and severity of cyber attacks targeting businesses and the potential consequences for individuals whose personal information is compromised. Companies must prioritize robust cybersecurity measures and timely communication with affected individuals to mitigate the risks associated with data breaches.
