On 25th August, some patients received SPAM emails appearing to come from their healthcare provider. These were unauthorized but no patient data was accessed.
What Happened?
This page is to inform you about a recent security issue that may have affected you.
On 24th/25th August, an unauthorized party gained access to an email-sending feature on our platform, which is used by your healthcare provider. This allowed them to send out SPAM emails that may have appeared to come from your healthcare provider. These emails were generated using a system that automatically included your name or other details - making it seem as if the sender had access to your personal information.
It is extremely unfortunate that this event occurred, however, we want to reassure you that no personal information was accessed by the unauthorized party. The system used to send these SPAM emails only inserted details like your name and email address after the email was sent, meaning the sender never actually saw or had access to this information.
The content of these emails mentioned winning an NFT and cryptocurrency award, and encouraged clicking on a link to claim this fake prize - fairly typical of low-level spam emails that attempt to convince users to click on links and share their details. There were also emails sent that referenced an attachment, although there were no attachments included in these emails.
We understand how alarming this might have been.
We deeply regret any confusion or concern this may have caused and want to address any questions you might have.
Frequently Asked Questions (FAQs)
- Did the unauthorized party see my personal information?
No, the unauthorized party did not have access to your personal information. The emails were sent using a system that automatically filled in details like your name after the email was triggered. This means that while the email might have included your name, the sender never actually saw or had access to it. - Was my medical or health information accessed?
No, your medical or health information was not accessed. The unauthorized party was only able to send emails using a system-generated ID number. They did not have access to any of your medical records, health history, or other sensitive information. - Why did I receive an email promoting NFTs or cryptocurrency?
The unauthorized party used our email-sending system to send out bulk SPAM messages. These emails were made to look as though they came from your healthcare provider, but they were not legitimate messages from them. Most emails referenced NFTs or cryptocurrency. There were also some emails sent that referenced an attachment, although there were no attachments included in these emails. - What should I do if I clicked on a link in the email?
If you click on links contained in SPAM email, we recommend that you take a few precautions:
- Do not provide any personal or financial information.
- Monitor your financial accounts for any suspicious activity.
- Consider running a virus scan on your device to check for malware.
If you have any concerns, it may also be wise to change your passwords as an extra precaution.
- Will this happen again?
We are taking this incident very seriously and are conducting a thorough investigation to understand how it happened. We are also implementing additional security measures to prevent something like this from happening in the future. - Should I contact my healthcare provider?
There’s no need to contact your healthcare provider unless you have specific concerns or questions. They have been informed of the situation and are aware that you may have received one of these emails. However, if you feel more comfortable discussing this with them, they will be able to assist you. - What is being done to prevent this from happening again?
We are actively working to enhance our security measures to ensure that our systems are protected against any unauthorized access in the future. This includes strengthening our email systems, monitoring for unusual activity, and reviewing our security protocols. - Can I trust future emails from my healthcare provider?
Yes, you can continue to trust emails from your healthcare provider. This incident was an isolated event, and we are doing everything we can to secure our systems and prevent further unauthorized activity. If you ever receive an email that seems suspicious, you can always contact your healthcare provider directly to verify its authenticity.
-
How can I stay safe online?
To stay safe online, it's important to:
- Be cautious of unsolicited emails, especially those asking for personal or financial information.
- Avoid clicking on links from unknown or unverified sources.
- Regularly update your passwords and use strong, unique passwords for different accounts. - Who can I contact for more information?
If you have any further questions or concerns, please feel free to contact your healthcare provider or reach out to our support team. We are here to help and will do our best to address any concerns you may have.