FPNSW chief executive Adjunct Professor Ann Brassil stressed more sensitive medical records were held internally by the organisation, were secure and "never under threat". The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time, she said. "I just want to start by saying how sorry I am this has happened and to apologise so sincerely to all the clients that this has affected," Professor Brassil told Fairfax Media. She said there was no evidence the data had been used by the hackers, but acknowledged there was a potential risk that it could be used in the future. Loading Replay Replay video Play video Play video

"People have a right to know that if they input their personal data into our website we absolutely accept they thought it would be secure and in this instance we are very sorry to say it might have been breached," Professor Brassil said. The attack was financially motivated, with the hackers using ransomware that threatened to publicly release the data if a bitcoin ransom was not paid, Professor Brassil said. "The ransom said we are shutting down your website and you pay us $15,000 in Bitcoin for us to release the website, and it had a clock ticking down." "It wasn't that sophisticated, in that they were only after the money and once we didn't pay the money they disappeared," she said. She stressed the breach was not politically or ideologically driven, and FPNSW was not the target.

"This wasn't about family planning this was about a hack to software," Professor Brassil said. It is understood the hack was likely part of a wave international cyber attacks - known as Drupalgeddon2 - that targeted critical vulnerabilities in the Drupal website content management system. The message on the Family Planning NSW website on Monday. Credit:fpnsw.org.au "It was one of a number of cyber attacks against that particular piece of software," Professor Brassil said. "This is not about the quality of our services and we are completely committed to the confidentiality of clinical data."

“We hope the public will continue to trust us with their healthcare needs,” Professor Brassil said. A client who received FPNSW"s email on Monday, Lauren Ingram, said she found it quite concerning that her details had been compromised. “But for some women, if it were made public that they were at Family Planning NSW, it could be incredibly dangerous or shameful for them personally.” "Some women could be in abusive relationships and seeking healthcare without their partner’s knowledge. They could be from conservative families and feel shame for needing contraception. They shouldn’t feel shame but they might. The data breach could put them in danger," she wrote. The FPNSW website is currently down and would be back online after an external security review and internal testing, Ms Carrick and Professor Brassil said.

FPNSW clinics are operating as usual on Monday, FPNSW said in its statement. NSW Health said there were no other known website breaches in the NSW public health system or affiliated organisations. Health minister Brad Hazzard has directed the department to require all health-funded NGOs to confirm to NSW Health within 30 days that NGOs and their third party providers comply with relevant privacy and data standards, a spokesperson for the minister said. "This relates to the collection, storage and transmission of this data,” the spokesperson said in a statement. FPNSW's website was built and is managed externally by Adelphi Digital.