What happened in the Power Diary email breach?

Power Diary, an Australian practice management software company, experienced an email breach where an unauthorized party exploited its email-sending feature to send phishing emails to patients. The emails falsely claimed that recipients had won an NFT and cryptocurrency award, urging them to click on a link to claim the prize.

Was patient data compromised in the Power Diary breach?

Power Diary claims that no client data, including patient personal information or email addresses, was accessed by the hackers. However, given that phishing emails were sent, it is likely that at least email addresses were compromised.

What did the phishing emails sent in the Power Diary breach contain?

The phishing emails mimicked healthcare providers and falsely informed recipients that they had won an NFT and cryptocurrency award, encouraging them to click on a link to claim their prize. These emails appeared to be sent from the patients' GP practices.

Have the number of affected individuals or the exact nature of the attack been disclosed?

The number of affected individuals and the exact nature of the attack have not been disclosed by Power Diary.

What measures is Power Diary taking to prevent future incidents?

Power Diary is implementing additional security measures to prevent further unauthorized access to its systems, including securing the identified endpoint that was exploited during the breach.

Incident

Power Diary email system breached, causing phishing/spam emails to patients

Q: How did Power Diary respond to the email breach?

Power Diary notified all affected practices by email on 26 August 2024. The company identified the specific endpoint accessed by the hackers and is implementing additional security measures to prevent further unauthorized access.

published: Aug. 28, 2024

Learn More

Power Diary, an Australian practice management software company, experienced an email breach that led to patients receiving phishing emails mimicking their healthcare providers.

An unauthorized party gained access to Power Diary’s email-sending feature, exploiting its communication template system to send spam emails that appeared to be from the patients' GP practices. The phishing emails falsely informed recipients of winning a non-fungible token (NFT) and cryptocurrency award, urging them to click on a link to claim the prize.

Power Diary claims that no client data, including patient personal information or email addresses, was accessed by the hackers. Since emails were sent, it's quite possible that at least email addresses are stolen.

The number of affected individuals and the nature of the attack is not disclosed.

The company notified all affected practices by email on 26 August and identified the specific endpoint accessed by the hackers. Additional security measures are being implemented to prevent further unauthorized access.

Power Diary email system breached, causing phishing/spam emails to patients

Read More
LastPass stolen seed phrases used to steal $4.4 …
xAI employee leaked private API key on GitHub …
CreditRiskMonitor SaaS credit monitoring platform reports data breach
Flickr Discloses Data Breach Linked to Third-Party Email …
Eurofiber France reports data breach exposing data of …