Bloom Hearing Specialists
Summary
Bloom Hearing Specialists, which operates hundreds of audiology clinics across Australia and New Zealand, suffered a ransomware attack affecting tens of thousands of current and former patients, staff, and contractors. Discovered on July 5, 2024, the breach exposed extensive sensitive data including medical records, financial information, and identity documents. The company did not notify affected individuals until late August 2024, and the stolen data was published or threatened with publication on the dark web.
What Happened
On July 5, 2024, Bloom Hearing Specialists discovered a ransomware attack that had encrypted its systems and exfiltrated extensive sensitive data. Locking the victim's systems while also stealing data for extortion is the double-extortion tactic common among modern ransomware gangs.
The company published an initial "important security update" on its website on July 9, 2024, but did not begin notifying affected individuals until late August 2024—approximately six weeks after discovering the breach. This significant delay raised concerns about the timeliness of breach notifications and whether affected individuals had adequate time to protect themselves.
The ransomware gang threatened to publish the stolen data on the dark web if ransom demands were not met, and subsequently carried out this threat, making sensitive patient and employee information publicly accessible to criminals.
Impact on Individuals
The breach exposed extraordinarily comprehensive personal and medical information including:
- Medical and health records, including hearing assessments and treatment history
- Financial information: bank account details and credit card numbers
- Government identity documents: Medicare cards, passports, driver's licenses
- Insurance information and policy details
- Contact information: names, addresses, phone numbers, emails
- Do Not Resuscitate (DNR) plans
- Wills and estate planning documents
- Next-of-kin information
- Employment records for staff and contractors
The exposure of medical records is particularly concerning as hearing loss and treatment history can reveal information about age, health conditions, and disabilities that could be used for discrimination. The combination of financial data and identity documents creates severe risks for fraud and identity theft.
The dark web publication of this data means it remains permanently accessible to criminals, creating long-term risks for affected individuals who must remain vigilant indefinitely.
Organisational Response
Bloom Hearing Specialists notified the Office of the Australian Information Commissioner (OAIC) and law enforcement agencies in both Australia and New Zealand. The company operates under multiple brands including Bloom Hearing Specialists, HearClear Audiology, and Brad Hutchinson Hearing across hundreds of clinics.
The company provided notification letters to affected individuals beginning in late August 2024, approximately six weeks after discovering the breach. This delay in notification was criticized as potentially compromising affected individuals' ability to take timely protective measures.
Bloom worked with cybersecurity specialists to investigate the breach scope and implement security improvements, though the extensive nature of the compromised data and the dark web publication represent significant ongoing risks for affected individuals.