Healthcare providers must tighten data security: expert

Sensitive personal information held by providers tops breaches, says report.

Cyber thieves hunt your health data

Sensitive information held by healthcare providers was one of the areas most vulnerable to cyber criminals, according to a government report.

Medical records were a valuable commodity on the black market, making the sector a prime target for attackers.

The first quarterly statistics report released by the Office of the Australian Information Commissioner (OAIC) details notifications received under the Notifiable Data Breaches (NDB) scheme. Between the start of the scheme on 22 February 2018 and the end of March, the OAIC received 63 breach notifications, the largest proportion of which (24 per cent) were reported by health service providers.

At particular risk, according to OAIC technical consultant Garrett O’Hara, were aged care organisations.

“The aged-care sector must beef up cyber defences or risk exposing sensitive client information and (receiving) substantial fines,” Mr O’Hara told Australian Ageing Agenda.

“As every aged-care provider knows, the information they hold on clients is particularly sensitive. It’s imperative that aged-care professionals have secure access to this information – their clients’ health depends on it – but no one wants their personal health information exposed to the public or worse, to cyber criminals.”

Agencies and organisations covered by the Privacy Act must notify the OAIC if personal information they hold is involved in a data breach that is likely to result in serious harm.

The OAIC report found that the top three breaches involved contact information, financial details and health information.

Almost half were due to malicious or criminal attack and the other half due to human error, such as sending an email containing personal information to the wrong recipient.

Mr O’Hara said: “Organisations in the health and aged-care sector face the challenge of coordinating care between multiple parties – internal and external – while protecting the personal health information of their clients. And because the sale of medical records is so lucrative, the sector is an attractive target for attackers.”

“This all adds up to a situation in which aged-care providers must implement a cyber resilience strategy. The alternative is to risk exposing sensitive personal information and substantial fines.”

Are you concerned about the security of your medical records? And do you worry about your financial details if you are in an aged-care facility?

    15th May 2018
    So later this year when the Government wants access to all your medical records from the doctor and pharmacist you HAVE to phone and tell them you don't want your data stored on a central government database.
    The default is that your data WILL be a compulsory secondment by the medical profession.
    15th May 2018
    Well, Rosret, what is the problem? At least we have been given 6 months notice. We travel a lot within Australia and I think the central database is a great idea. None of us carries the full medical history and pharmaceutical records around and having a database with all the relevant information could be lifesaving.

    If privacy is your concern, how do you feel about department stores, bottle shops and anywhere you use a plastic card having a huge amount of your personal shopping habits in their computers?

    15th May 2018
    The way I see privacy is that if the Pentagon can be hacked with all the amount of security it would have, what chance does a simple health insurer have? If hackers want the information, they'll get it. Personally, I have nothing to hide.

    16th May 2018
    What DOES this Govt Agency "Office of the Australian Information Commissioner (OAIC)" do, other than publish statistics? Recently, we heard that this agency decided there was no need for any action when CBA advised them in 2016 about millions of customer statements being lost!

    They should be defining the LEVELS of SECURITY and DEMANDING & MONITORING the COMPLIANCE with STRONG STANDARDS. Otherwise, the Govt should simply shut down this agency, save taxpayers money, and let the market forces run riot and let the crooks have their way!
    At least, then simple people will know for sure they have to protect themselves, and not depend on these inept Govt agencies to do their job!
    17th May 2018
    By the time we are allowed to disable it, they will have all they want anyway -- the problem I have with it is because many things the Dr has given you over time and you have not used never seem to get taken off the list, also many side effects are never listed either.