Sydney Centre for Ear, Nose & Throat (SCENT)

Summary

The Sydney Centre for Ear, Nose & Throat (SCENT) discovered on 6 November 2025 that its reception and administration email account had been compromised following the detection of phishing emails sent from that account. The medical centre took a precautionary approach by notifying all patients with emails sent or received through the account about potential access to personal information including appointment details, health summaries, referrals, treatment plans, medical histories, diagnoses, and personal details.

What Happened

SCENT became aware that its reception and administration email account was likely subject to unauthorised access after phishing emails were sent from the compromised account. Upon discovery on 6 November 2025, the organisation immediately undertook containment and remediation actions. The compromised email account typically contained appointment details, health summaries, referrals, and treatment plans for patients.

Impact on Individuals

Patients who had emails sent or received through SCENT's reception and administration email account were potentially affected. The information that may have been accessed included names, dates of birth, addresses, medical histories, diagnoses, and treatment plans. SCENT emphasised that they had no evidence that any particular personal information was specifically accessed but took the precautionary approach of notifying all potentially affected individuals.

Organisational Response

SCENT immediately undertook containment and remediation actions upon discovering the compromised email account. On 6 November 2025, the organisation began notifying patients about the potential security issue as a precautionary measure. SCENT clarified that whilst there was no evidence of specific data access, they chose to inform all individuals with communications in the affected email account about the possibility of personal information exposure.