As previously advised, we are aware that credentials used to access I-MED's referrer portal were made publicly available. These external accounts are used by referring medical practitioners and other health professionals in providing patient care, including in emergency medical situations.

At this stage, we believe at least some of these external account credentials were compromised by Infostealer malware embedded in browsers on the devices used by those referring medical practitioners and other health professionals.

Immediately after becoming aware of the leaked credentials, I-MED mobilised a senior team led by our CEO to respond and investigate. I-MED suspended the relevant accounts, contacted accountholders, and forced password resets.  We have advised the Office of Australian Information Commissioner (OAIC) and are working closely with the National Office of Cyber Security and ASD.

At this stage, we have not identified significant unusual access to patient data.

I-MED is continuing to investigate whether there has been any unauthorised access to patient data, beyond the access reported to have been made by an anonymous source. 

I-MED has already further strengthened its system surveillance and is continuing to work with cyber experts to enhance system security. We have been in contact with our referrer community and are working with them to strengthen log-in processes across our referrer network.

We thank the I-MED community for its patience as we continue to investigate. Our priority is the safety, security and protection of our people, patients and referrers.  We thank our referrers for their cooperation as we collaborate on this process.

Should you have any questions please contact privacy@i-med.com.au or continue to monitor this webpage for updates.

Published 26 September 2024 and updated 7 January 2025