AU/Global - Main Application - Operational
AU/Global - Main Application
AU/Global - Client Portal - Operational
AU/Global - Client Portal
AU - Communications - Operational
AU - Communications
US - Main Application - Operational
US - Main Application
US - Client Portal - Operational
US - Client Portal
UK - Main Application - Operational
UK - Main Application
UK - Client Portal - Operational
UK - Client Portal
Notice history
Sep 2024
- ResolvedResolved
This incident has been resolved. If you have further issues, please trying clearing your cache and cookies. If the issue persists. Please do reach out to us at support@powerdiary.com Thank you!
- InvestigatingInvestigating
We are currently investigating this incident. Please try clearing cache and cookies history to see if this immediately helps resolve.
Aug 2024
- ResolvedResolvedThis incident has been resolved.
- UpdateUpdate
We want to provide you with an update on our continued investigation into the recent unauthorized email activity.
As part of our ongoing review, we have identified a smaller number of additional profiles that were impacted by the same incident. These profiles were initially missed due to the method we used to identify affected emails. We have notified all accounts where these additional profiles were identified.
Additionally, we have received reports from some customers encountering an error message when trying to click into the spam emails within client’s profiles. After investigation, we’ve determined that this is due to a system security mechanism. The system is detecting that these emails were not sent using the expected pathway, and as a result, it is preventing access to these messages.
We are committed to continuing our investigation and keeping you informed every step of the way. In addition to the initial actions we took to stop the unauthorised email sending activity, we have implemented a range of additional security hardening measures relating to our communication systems. This work is ongoing.
We understand the significance of this issue and sincerely apologise for the concern it has caused you and your patients. If you have any questions or encounter any issues, please don’t hesitate to reach out to our support team.
Thank you for your continued patience.
- UpdateUpdate
We want to provide an update on our ongoing response to the recent unauthorized email activity. Since the incident, we have continued to closely monitor our systems, and we’re pleased to report that no further occurrences have been detected.
We have now notified all impacted account holders. These notifications included the profile numbers for any profiles within your account who may have received a spam message.
We appreciate your patience and cooperation as we’ve worked through this situation. Please know that we remain committed to maintaining the security of our platform and the trust of our customers. - UpdateUpdate
We have now identified the accounts that were impacted by the recent unauthorized email activity. We have sent an email directly to the account holders of those affected. This email should arrive in your inbox within the next couple of hours.
The email will include the Client Numbers for any clients within your account who we believe received one of the spam emails. Please review this information and reach out to our support team if you have any questions or concerns.
There are a very small number of accounts that we are continuing to investigate. We will notify those account holders individually once our investigation is complete.
We appreciate your understanding and cooperation as we continue to address this situation. Further updates will be provided as more information becomes available.
Thank you for your continued trust and patience. - UpdateUpdate
A quick update to let you know our team is continuing to investigate this issue. We are also compiling a list of all accounts impacted and will be emailing each one directly.
Clarification of unauthorized activity:
We want to provide a clear explanation regarding the nature of unauthorized email activity. It’s important to emphasize that the unauthorized party was only able to trigger the sending of emails—they did not, and do not have access to any of the personal information of your patients.
To help illustrate this, imagine a mail merge process. The unauthorized party was able to create the content of the email, similar to filling out a template, but they could not see any of the email addresses the messages were sent to, nor could they view any of the personal details (like patient names) that were automatically inserted by our system. They were essentially only able to “press send” without knowing who was receiving the emails or what specific information was included.
Importantly, we want to assure you that we have multiple safeguards in place to protect the personal information that we manage. Whilst it is extremely disappointing that an unauthorized party was able to send these emails, the security mechanisms we have in place to protect information access were not breached, and no personal information has been exposed to any third party.
Dedicated information pages:
Finally, as previously mentioned, we have created a dedicated page that you can share with your patients, as well as a summary page for practices that consolidates all the information known about this incident.
We understand the seriousness of this situation and are continuing our work to ensure the security of our platform. We appreciate your ongoing patience and understanding. - UpdateUpdate
Our team is continuing to work on the technical aspects of this incident, exploring all possible avenues of access to the relevant endpoints.
We want to emphasize that this issue has not affected all accounts or all patients. Work is still ongoing to identify specifically which accounts and patients may have received the SPAM emails.
We have published a dedicated page that you can share with your patients to provide them with clear and concise information about this incident. This will help you address any concerns they may have in a transparent manner.
We will also be publishing a summary page specifically for you, our customers. This page will consolidate all the information known about this incident so that you can easily understand the situation without needing to sift through multiple status page updates.
We appreciate your patience and understanding as we continue to address this issue. Further updates will be provided as we make more progress. - MonitoringMonitoring
Our ongoing investigation has now identified the email-sending endpoint that was accessed by the unauthorized party. We are taking additional containment measures to restrict this end-point and further protect our system.
It’s important to clarify that no individual accounts or the overall system have been compromised. The issue was the result of a vulnerability within our email-sending feature that allowed these unauthorized emails to be generated and sent.
We are continuing to monitor the situation closely and are conducting a thorough review of all our security protocols to ensure that similar vulnerabilities are identified and addressed. Our priority remains the security and trust of our customers and their patients.
We sincerely apologize for any inconvenience or concern this may have caused and will continue to keep you updated as we make further progress.
- IdentifiedIdentified
Our investigation so far has identified that an unauthorized party accessed one of our email-sending endpoints. This access allowed them to send bulk email messages that appeared to come from our customers to their patients.
The unauthorized access was limited to the use of our communication template system, which utilizes merge fields to insert personal information such as names. Crucially, the unauthorized party did not have access to this personal information. The merge fields were populated only after the messages were triggered, meaning the unauthorized party never saw or accessed this data.
The emails were sent using system-generated patient ID numbers, and the content of these messages referenced NFTs and cryptocurrency. We are conducting a thorough investigation to understand how this happened and to ensure the security of our platform moving forward.
We apologize for the inconvenience and concern this has caused and will continue to provide ongoing updates as we investigate and address this issue.
- UpdateUpdate
We are currently still assessing the scope of the email sending incident.
The issue appears to be limited to the sending of messages.
We will update as we know more.
- UpdateUpdate
An update to let you know that we are continuing to investigate this issue, and look into how these emails were able to be sent. The issue appears to be limited to the sending of messages. We will continue to update regularly as our investigation continues.
- InvestigatingInvestigating
We are aware that some people received spam messages that appear to have been sent via Power Diary. At this stage, we have not identified any further impact.
We are actively investigating the issue and will provide updates as soon as we have more information.
- ResolvedResolved
Dear users, this incident has been resolved. If you notice any unexpected behavior when submitting Medicare claims, please report it to support@powerdiary.com.
Thank you for your patience while we were working on resolving this issue. - UpdateUpdate
We are continuing to work on a fix for this incident. Thank you for your patience.
- IdentifiedIdentified
Dear users, we have identified an issue with submitting Medicare claims when a claimant is not a client. When claims are submitted to Medicare, where an invoice is billed not to a client, the claimant details are not populated on claim in full. The engineering team has identified the cause for this issue and are working on a fix. We apologise for the inconvenience.
- ResolvedResolved
This incident has been resolved. Please reach out to support@powerdiary.com should you experience any issues. Thank you for your patience while we were working on the fix.
- MonitoringMonitoringWe implemented a fix and are currently monitoring the result.
- InvestigatingInvestigating
Dear users, we are aware of an issue with processing Medicare (AUS) claims. We are currently investigating this incident.
- UpdateUpdate
This incident has now been resolved and all systems are now operating normally. We apologise for the incovenience this caused. If you are still experiencing an issue please let us know at support@powerdiary.com.
- ResolvedResolvedThis incident has been resolved.
- IdentifiedIdentified
We have identified the source of the issue. Our team are working to restore system functionality now. We apologise the incovenience this is causing.
- InvestigatingInvestigating
We are currently investigating this incident and will update asap
Jul 2024
- ResolvedResolved
This incident has been resolved. It may take some time for the synchronisation process to complete for all customers, but do email support@powerdiary.com if you continue to have trouble with this.
- IdentifiedIdentified
Our engineers have identified a fix for this issue and are working toward it in-line with our internal testing and QA procedures. We appreciate your continued patience during this time.
- UpdateUpdate
We are continuing to investigate this incident. Thank you for your continued patience during this time.
- InvestigatingInvestigating
We are aware that the two-way synchronisation of Google Calendar appointments is impacted by errors that appear to be coming from Google. Appointment syncing may be delayed or prevented due to these errors.
We are investigating the cause to determine if there is anything that can be actioned from our end to resolve this.