What to do in the event of a data breach via Mediref (for individual practices/organisations)

We recommend all practices and organisations using Mediref to have their own in-house procedure to follow in the event of a data breach. Guidelines are available at the OAIC website here. You can also get advice from the ADA and/or your cyber indemnity provider. The below is not legal advice.

One of the first actions a practice should take, in such an event, is to contain the breach using all reasonable means to do so. If Mediref was the medium by which a breach occurred* (e.g. a human error where the wrong thing was sent to the wrong person), Mediref provides in built tools to help you take some of those reasonable steps. We recommend using these Mediref tools to help contain the breach:
  • Revoking access to the correspondence in question
  • Deleting files retrospectively - This permanently deletes the files from Mediref's servers meaning nobody (including you and the original recipients) can view or download it going forward. Of course, you may need to determine whether it has already been viewed or downloaded - see the next point for help in that
  • Tracking feature - Mediref allows you to see which recipients have viewed (or not yet viewed), any sent correspondence. This information may be helpful in determining who needs to be notified regarding any data breach
* Breaches that occur via user/human error, where Mediref is the medium by which data was transmitted, MUST be dealt with by the relevant practice/organisation. For any data breaches that occur because of Mediref's technology/software,  please read here .
The above advice is not comprehensive and only covers the areas where Mediref may help if a breach occurs. As mentioned above, please contact the relevant parties or seek legal advice on how to proceed. 
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles