Power Diary - Notice history

This incident has been resolved. If you have further issues, please trying clearing your cache and cookies. If the issue persists. Please do reach out to us at support@powerdiary.com Thank you!

We want to provide you with an update on our continued investigation into the recent unauthorized email activity. 

As part of our ongoing review, we have identified a smaller number of additional profiles that were impacted by the same incident. These profiles were initially missed due to the method we used to identify affected emails. We have notified all accounts where these additional profiles were identified.

Additionally, we have received reports from some customers encountering an error message when trying to click into the spam emails within client’s profiles. After investigation, we’ve determined that this is due to a system security mechanism. The system is detecting that these emails were not sent using the expected pathway, and as a result, it is preventing access to these messages.

We are committed to continuing our investigation and keeping you informed every step of the way. In addition to the initial actions we took to stop the unauthorised email sending activity, we have implemented a range of additional security hardening measures relating to our communication systems. This work is ongoing.

We understand the significance of this issue and sincerely apologise for the concern it has caused you and your patients. If you have any questions or encounter any issues, please don’t hesitate to reach out to our support team.

Thank you for your continued patience.

We want to provide an update on our ongoing response to the recent unauthorized email activity. Since the incident, we have continued to closely monitor our systems, and we’re pleased to report that no further occurrences have been detected.

We have now notified all impacted account holders. These notifications included the profile numbers for any profiles within your account who may have received a spam message.

We appreciate your patience and cooperation as we’ve worked through this situation. Please know that we remain committed to maintaining the security of our platform and the trust of our customers.

We have now identified the accounts that were impacted by the recent unauthorized email activity. We have sent an email directly to the account holders of those affected. This email should arrive in your inbox within the next couple of hours.

The email will include the Client Numbers for any clients within your account who we believe received one of the spam emails. Please review this information and reach out to our support team if you have any questions or concerns.

There are a very small number of accounts that we are continuing to investigate. We will notify those account holders individually once our investigation is complete.

We appreciate your understanding and cooperation as we continue to address this situation. Further updates will be provided as more information becomes available.

Thank you for your continued trust and patience.

A quick update to let you know our team is continuing to investigate this issue. We are also compiling a list of all accounts impacted and will be emailing each one directly.

Clarification of unauthorized activity: 

We want to provide a clear explanation regarding the nature of unauthorized email activity. It’s important to emphasize that the unauthorized party was only able to trigger the sending of emails—they did not, and do not have access to any of the personal information of your patients.

To help illustrate this, imagine a mail merge process. The unauthorized party was able to create the content of the email, similar to filling out a template, but they could not see any of the email addresses the messages were sent to, nor could they view any of the personal details (like patient names) that were automatically inserted by our system. They were essentially only able to “press send” without knowing who was receiving the emails or what specific information was included.

Importantly, we want to assure you that we have multiple safeguards in place to protect the personal information that we manage. Whilst it is extremely disappointing that an unauthorized party was able to send these emails, the security mechanisms we have in place to protect information access were not breached, and no personal information has been exposed to any third party.

Dedicated information pages:

Finally, as previously mentioned, we have created a dedicated page that you can share with your patients, as well as a summary page for practices that consolidates all the information known about this incident.

We understand the seriousness of this situation and are continuing our work to ensure the security of our platform. We appreciate your ongoing patience and understanding.

Our team is continuing to work on the technical aspects of this incident, exploring all possible avenues of access to the relevant endpoints. 

We want to emphasize that this issue has not affected all accounts or all patients. Work is still ongoing to identify specifically which accounts and patients may have received the SPAM emails.

We have published a dedicated page that you can share with your patients to provide them with clear and concise information about this incident. This will help you address any concerns they may have in a transparent manner.

We will also be publishing a summary page specifically for you, our customers. This page will consolidate all the information known about this incident so that you can easily understand the situation without needing to sift through multiple status page updates.

We appreciate your patience and understanding as we continue to address this issue. Further updates will be provided as we make more progress.

Our ongoing investigation has now identified the email-sending endpoint that was accessed by the unauthorized party. We are taking additional containment measures to restrict this end-point and further protect our system.

It’s important to clarify that no individual accounts or the overall system have been compromised. The issue was the result of a vulnerability within our email-sending feature that allowed these unauthorized emails to be generated and sent.

We are continuing to monitor the situation closely and are conducting a thorough review of all our security protocols to ensure that similar vulnerabilities are identified and addressed. Our priority remains the security and trust of our customers and their patients.

We sincerely apologize for any inconvenience or concern this may have caused and will continue to keep you updated as we make further progress.

Our investigation so far has identified that an unauthorized party accessed one of our email-sending endpoints. This access allowed them to send bulk email messages that appeared to come from our customers to their patients.

The unauthorized access was limited to the use of our communication template system, which utilizes merge fields to insert personal information such as names. Crucially, the unauthorized party did not have access to this personal information. The merge fields were populated only after the messages were triggered, meaning the unauthorized party never saw or accessed this data.

The emails were sent using system-generated patient ID numbers, and the content of these messages referenced NFTs and cryptocurrency. We are conducting a thorough investigation to understand how this happened and to ensure the security of our platform moving forward.

We apologize for the inconvenience and concern this has caused and will continue to provide ongoing updates as we investigate and address this issue.

We are currently still assessing the scope of the email sending incident.  

The issue appears to be limited to the sending of messages.

We will update as we know more. 

An update to let you know that we are continuing to investigate this issue, and look into how these emails were able to be sent. The issue appears to be limited to the sending of messages. We will continue to update regularly as our investigation continues.

Dear users, this incident has been resolved. If you notice any unexpected behavior when submitting Medicare claims, please report it to support@powerdiary.com.
Thank you for your patience while we were working on resolving this issue.

We are continuing to work on a fix for this incident. Thank you for your patience.

This incident has been resolved. Please reach out to support@powerdiary.com should you experience any issues. Thank you for your patience while we were working on the fix.

This incident has now been resolved and all systems are now operating normally. We apologise for the incovenience this caused. If you are still experiencing an issue please let us know at support@powerdiary.com.

We have identified the source of the issue. Our team are working to restore system functionality now. We apologise the incovenience this is causing.

This incident has been resolved. It may take some time for the synchronisation process to complete for all customers, but do email support@powerdiary.com if you continue to have trouble with this.

Our engineers have identified a fix for this issue and are working toward it in-line with our internal testing and QA procedures. We appreciate your continued patience during this time.

We are continuing to investigate this incident. Thank you for your continued patience during this time.