JewishCare New South Wales, a healthcare organization serving the Australian Jewish community, has reported a major data breach that compromised sensitive information. On October 28, JewishCare discovered the breach, identifying that personal data had potentially been exfiltrated and, in some cases, posted on the dark web. The exposed data covers a broad spectrum of individuals associated with the organization, including current and former clients, staff, volunteers, donors, and suppliers, each affected to varying degrees depending on their relationship with JewishCare.
For clients, compromised information could include birthdates, contact details, identity documents, financial records, medical data, and even sensitive legal documents, such as court orders and do-not-resuscitate directives. Donor data involved contact information, donation histories, and, in some cases, personal experiences shared with JewishCare. Staff and volunteer records were also exposed, containing onboarding documents, government-issued ID scans, payroll details, and background checks, while supplier data included payment information and business records. The scope of compromised data for each individual may vary, and JewishCare has reached out to notify those confirmed to be impacted, as well as individuals potentially at risk.
In response to the breach, JewishCare has enlisted cybersecurity experts to assist in containment and investigation efforts and is collaborating with Australian authorities, including the Australian Cyber Security Centre, Australian Federal Police, and the Office of the Australian Information Commissioner. JewishCare is working diligently to enhance its security protocols, aiming to restore safe system access for users and prevent further breaches. Officials stated that their primary concern is minimizing the breach’s impact on clients, donors, and other stakeholders by securing exposed data and remediating affected systems.
JewishCare has assured the community that there is currently no indication that the attack specifically targeted the Jewish community. However, it remains committed to working closely with law enforcement to investigate any potential concerns. The incident serves as a reminder of the critical importance of cybersecurity within healthcare organizations, as they often store highly sensitive personal data. JewishCare’s ongoing investigation seeks to clarify the extent of the breach and establish measures to strengthen their cybersecurity defenses for the future.