Holdsworth House recently experienced an IT outage affecting its Brisbane and Sydney practices. The outage was the result of a cyber incident, during which an unauthorised third party accessed a part of our IT systems.

Upon discovery we immediately took steps to secure our systems and engaged leading cyber security experts to provide advice. Our experts were able to quickly contain the incident and restore our systems, with minimal impact to our day-to-day operations.

Our practice remains fully operational, and our commitment to providing high-quality care is unchanged.

Our investigation into the incident remains ongoing.

Based on the information currently available, our patient management system, where full medical records are stored, has not been identified as one of the systems accessed by the unauthorised third party. However, the incident affected other parts of our IT environment, and as a result we are currently operating with limited access to some recent patient records and clinical records, as detailed further below.

Our experts have confirmed that they have not identified any evidence of publication or misuse of our data in relation to the incident. This monitoring is ongoing.

We have notified the Office of the Australian Information Commissioner, Australian Cyber Security Centre and law enforcement of the incident.

Cyber incidents are complex and take time to investigate accurately. We will provide relevant updates as soon as we learn more from our investigation.

What can you do?

To ensure we can continue to provide safe and appropriate care, we are undertaking a process of recollecting patient information. We kindly ask that you bring the following information to your next appointment, where available, for the period from August 2025 to now:

• medication lists, including any allergies;
• care plans or specialist referrals;
• pathology test results and imaging reports;
• vaccination or immunisation history;
• recent hospital discharge summaries;
• correspondence from other doctors, specialists or allied health professionals; and
• any other relevant medical information.

Our patient’s wellbeing is our highest priority.

Protecting your identity

As a precautionary measure, we recommend all patients remain vigilant and consider the following cyber safe best practices in respect of their personal data security:

• remain alert to any suspicious email, SMS or telephone communications that are disguised to look like they come from someone you know or trust;
• monitor accounts, including bank and Medicare records, for any unusual activity or transactions; and
• be alert to phishing scams. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords or credit card numbers often by creating a sense of urgency. These scams could target you through post, phone or email.

If you have any questions or concerns, please contact our dedicated support team at cyberIncident@holdsworthhouse.com.au.  We sincerely apologise for any concern or inconvenience the incident may cause, and we thank you for your understanding and support during this time.