These include women who had inquired about abortions, contraception and other services. The FPNSW site is now offline and has a legend reading: "Our website is getting a security update. Thank you for your patience, we'll be back online as soon as possible. It's business as usual at our clinics."
But it does not seem to have been business as usual over the last month with the site being breached by attackers on Anzac Day. Data that had been submitted to the site over the past 2-1/2 years is said to have been at risk.
The website has been built and is managed by Adelphi Digital.
The first Drupal vulnerability came to light on 28 March, with the project behind the content management system warning that it was highly critical and affected versions 7.x and 8.x.
The second vulnerability, made public on 25 April, was again remotely exploitable on systems running Drupal 7.x and 8.x, with the Drupal project saying a few hours after the initial report that it was being exploited in the wild.
In early May, researcher Troy Mursch, who works with Bad Packets Report, warned that attackers were using these vulnerabilities to break in to systems and use them for mining the monero cryptocurrency.
Patches for both vulnerabilities have been available from the dates they were announced and warnings had been issued about applying them as soon as possible.