What to do in the event of a data breach via Mediref (for individual practices/organisations)
We recommend all practices and organisations using Mediref to have their own in-house procedure to follow in the event of a data breach. Guidelines are available at the OAIC website here. You can also get advice from the ADA and/or your cyber indemnity provider. The below is not legal advice.
- Revoke access to the correspondence in question
-
Deleting files retrospectively - This permanently deletes the files from Mediref's servers meaning nobody (including you and the original recipients) can view or download it going forward.
Of course, you may need to determine whether it has already been viewed or downloaded - see below.

-
Tracking feature - Mediref allows you to see which recipients have viewed (or not yet viewed), any sent correspondence. This information may be helpful in determining who needs to be notified regarding any data breach


