On Wednesday of this week the Board’s Information Technology Infrastructure stopped working. We have subsequently been briefed that this is the result of a largescale ransomware attack on our key IT provider.

Our IT provider is working with their own forensic experts and Government agencies to understand the nature and extent of the impact. However our database and shared drives have been compromised and are no longer available to us.

As of this morning we have received no indication that this attack has resulted in the publication of personal details, however such a privacy breach may be possible as this matter unfolds and we will notify practitioners immediately if we become aware of a breach.

We are currently in the process of transferring the information we can (including a recent back-up copy of our register) to a new provider. We expect to have core functions back up and running by early next week.

This is not an isolated attack. It has affected a significant number of organisations both here and in Australia. Now that we have an understanding of the scope of this issue we have notified the Privacy Commission.

Practitioners can contact the Privacy Commission directly if they have any specific privacy concerns. Their contact details are here.

We appreciate this may be distressing and ask that practitioners be patient with us as we restore our operations. We also ask that practitioners refrain from contacting us with questions as we are currently unable to provide more information than is contained in this notification. We will inform practitioners of any significant changes to this situation as we can.

In the meantime we recommend that practitioners check out Netsafe’s advice to stay safe online.

We apologise for any inconvenience caused to practitioners by this matter and we are working around the clock to fix it.