Notification of cyber security incident with respect to DBG Global Enterprises Pty Ltd (DBG)
On 25 August 2024, DBG (and its related companies, including Apotex) became aware that a malicious third party had obtained unauthorised access to a DBG storage server and had exfiltrated data from that server.
The server contained clinical consent forms that were collected as part of in-pharmacy vaccination, pain clinic and bone density clinic services that Apotex provided to individuals between 2012 and 2015 (In-Pharmacy Clinics).
We sincerely regret that this has occurred, and wish to apologise to our In-Pharmacy Clinic patients for the incident. DBG promptly contained the incident and has investigated it as a matter of priority.
The types of information contained in the clinical consent forms include:
- names;
- phone numbers; and
- health information relating to services that were provided at the In-Pharmacy Clinic.
- In accordance with its obligations under the Privacy Act 1988 (Cth), DBG notified the Office of the Australian Information Commission of the incident on 16 September 2024.
Our In-Pharmacy Clinic patients do not need to take any further steps at this time, other than to always be alert to any unexpected or unusual communications they might receive, whether purported to be from DBG or from anyone you don’t know.
If you were a patient of any In-Pharmacy Clinic, we also want to highlight below some further general steps that will enable you to remain vigilant and abreast of cyber security threats:
- be vigilant in relation to calls, emails, text messages or contact through social media from persons that you do not know;
- wherever possible, ensure any accounts you use are protected through use of multi-factor authentication;
- check for recent unauthorised activity on email accounts, as well as settings for unknown forwarding addresses;
- say ‘no’ if people call posing as a credible organisation and request access to your computer;
- look out for contact from scammers who may have your personal information;
- never respond to, open, or click on, links in emails or text messages if they look suspicious or if you are unsure about the sender;
- subscribe to www.scamwatch.gov.au for the latest information about scams impacting the community;
- visit the OAIC’s website for further guidance on how to protect your identity: https://www.oaic.gov.au/privacy/data-breaches/respond-to-a-data-breach-notification; and
- review further general information (at https://www.cyber.gov.au/threats) on online safety, cyber security, scams, identity theft and other online risks.
If you wish to discuss this incident further, please do not hesitate to get in touch with us at cyber.support@dbg.com.