Sensitive information held by healthcare providers was one of the areas most vulnerable to cyber criminals, according to a government report.
Medical records were a valuable commodity on the black market, making the sector a prime target for attackers.
The first quarterly statistics report released by the Office of the Australian Information Commissioner (OAIC) details notifications received under the Notifiable Data Breaches (NDB) scheme. Between the start of the scheme on 22 February 2018 and the end of March, the OAIC received 63 breach notifications – the largest proportion (24 per cent) reported by health service providers.
At particular risk, according to OAIC technical consultant Garrett O’Hara, were aged care organisations.
“The aged-care sector must beef up cyber defences or risk exposing sensitive client information and (receiving) substantial fines,” Mr O’Hara told Australian Ageing Agenda.
“As every aged-care provider knows, the information they hold on clients is particularly sensitive. It’s imperative that aged-care professionals have secure access to this information – their clients’ health depends on it – but no one wants their personal health information exposed to the public or worse, to cyber criminals.”
Agencies and organisations covered by the Privacy Act must notify the OAIC if personal information they hold is involved in a data breach that is likely to result in serious harm.
The OAIC report found that the top three breaches involved contact information, financial details and health information.
Almost half were due to malicious or criminal attack and the other half due to human error, such as sending an email containing personal information to the wrong recipient.
Mr O’Hara said: “Organisations in the health and aged-care sector face the challenge of coordinating care between multiple parties – internal and external – while protecting the personal health information of their clients. And because the sale of medical records is so lucrative, the sector is an attractive target for attackers.”
“This all adds up to a situation in which aged-care providers must implement a cyber resilience strategy. The alternative is to risk exposing sensitive personal information and substantial fines.”
Are you concerned about the security of your medical records? And do you worry about your financial details if you are in an aged-care facility?