Security Report – 19 Sep 2025

Exploit: Misconfiguration

Risk to Business: Moderate: The New South Wales Ministry of Health (NSW Health) confirmed an accidental leak of confidential documents belonging to nearly 600 medical staff members. The exposed data reportedly included personal details of current and former senior medical officers and other staff members. Due to an undisclosed misconfiguration on the South Eastern Sydney and Illawarra Shoalhaven local health districts’ websites, sensitive documents such as passports, driver’s licences, Medicare cards, professional credentials, registrations and work histories were accessible online. All exposed documents have since been removed from the websites, and a full investigation is underway. NSW Health has stated that forensic analysis is being conducted to determine the extent of the incident.

United States – US HealthConnect – Heathcare

Exploit: Third-Party Data Breach

Risk to Business: Moderate: Earlier this month, US HealthConnect, a provider of continuing medical education and promotional education to healthcare providers, disclosed a cybersecurity incident to the Texas Attorney General. The report indicated that an unauthorised third party may have accessed sensitive personal and protected health information. On January 25, 2025, the company identified suspicious activity within its computer network and brought in third-party cybersecurity specialists to investigate. The inquiry confirmed that an unauthorised actor had gained access to its systems and may have obtained certain data, including names and Social Security numbers. In response, US HealthConnect enhanced its security policies and procedures, adding further administrative and technical safeguards to defend against similar threats. The organisation is also offering affected individuals up to 24 months of complimentary credit monitoring and identity theft protection services.

Talk to a TCT team member today about implementing IT strategy plan for your business.