15th May 2018

Healthcare providers must tighten data security: expert

Cyber thieves hunt your health data
Janelle Ward

Sensitive information held by healthcare providers was one of the areas most vulnerable to cyber criminals, according to a government report.

Medical records were a valuable commodity on the black market, making the sector a prime target for attackers.

The first quarterly statistics report released by the Office of the Australian Information Commissioner (OAIC) details notifications received under the Notifiable Data Breaches (NDB) scheme. Between the start of the scheme on 22 February 2018 and the end of March, the OAIC received 63 breach notifications, the largest proportion of which (24 per cent) was reported by health service providers.

At particular risk, according to OAIC technical consultant Garrett O’Hara, were aged care organisations. 



“The aged-care sector must beef up cyber defences or risk exposing sensitive client information and (receiving) substantial fines,” Mr O’Hara told Australian Ageing Agenda.

“As every aged-care provider knows, the information they hold on clients is particularly sensitive. It’s imperative that aged-care professionals have secure access to this information – their clients’ health depends on it – but no one wants their personal health information exposed to the public or worse, to cyber criminals.”

Agencies and organisations covered by the Privacy Act must notify the OAIC if personal information they hold is involved in a data breach that is likely to result in serious harm.

The OAIC report found that the top three breaches involved contact information, financial details and health information.

Almost half were due to malicious or criminal attack and the other half due to human error, such as sending an email containing personal information to the wrong recipient.

Mr O’Hara said: “Organisations in the health and aged-care sector face the challenge of coordinating care between multiple parties – internal and external – while protecting the personal health information of their clients. And because the sale of medical records is so lucrative, the sector is an attractive target for attackers.”

“This all adds up to a situation in which aged-care providers must implement a cyber resilience strategy. The alternative is to risk exposing sensitive personal information and substantial fines.”

Are you concerned about the security of your medical records? And do you worry about your financial details if you are in an aged-care facility?






COMMENTS

Rosret
15th May 2018
12:56pm
So later this year when the Government wants access to all your medical records from the doctor and pharmacist you HAVE to phone and tell them you don't want your data stored on a central government database.
The default is that your data WILL be a compulsory secondment by the medical profession.
Old Man
15th May 2018
1:15pm
Well, Rosret, what is the problem? At least we have been given 6 months' notice. We travel a lot within Australia and I think the central database is a great idea. None of us carries the full medical history and pharmaceutical records around and having a database with all the relevant information could be lifesaving.

If privacy is your concern, how do you feel about department stores, bottle shops and anywhere you use a plastic card having a huge amount of your personal shopping habits in their computers?
Old Man
15th May 2018
1:17pm
The way I see privacy is that if the Pentagon can be hacked with all the amount of security it would have, what chance does a simple health insurer have. If hackers want the information, they'll get it. Personally, I have nothing to hide.
George
16th May 2018
11:30am
What DOES this Govt Agency "Office of the Australian Information Commissioner (OAIC)" do, other than publish statistics? Recently, we heard that this agency decided there was no need for any action when CBA advised them in 2016 about millions of customer statements being lost!

They should be defining the LEVELS of SECURITY and DEMANDING & MONITORING the COMPLIANCE with STRONG STANDARDS. Otherwise, the Govt should simply shut down this agency, save taxpayers money, and let the market forces run riot and let the crooks have their way!
At least, then simple people will know for sure they have to protect themselves, and not depend on these inept Govt agencies to do their job!
PlanB
17th May 2018
9:43am
By the time we are allowed to disable it, they will have all they want anyway -- the problem I have with it is because many things the Dr has given you over time and you have not used never seems to get taken off the list, also many side effects are never listed either.

