Health sector tops notifiable data breaches


Tuesday, 19 February, 2019

When it comes to data breaches, the health industry is in the unenviable position of topping the notifiable data breaches for the last quarter of 2018, according to the latest report from the Office of the Australian Information Commissioner (OAIC).

Of the 262 data breaches involving personal information reported to the OAIC, 54 (20.6%) were from private health service providers. The health sector breaches were caused by human error or malicious or criminal attack.

Under the Notifiable Data Breaches scheme, organisations and agencies regulated under the Privacy Act must notify individuals and the OAIC when data breaches are likely to result in serious harm. The leading cause of notifiable data breaches in the December quarter was malicious or criminal attack (168 notifications), followed by human error (85 notifications) and system error (nine notifications).

Most data breaches resulted from malicious or criminal attacks involving cyber incidents stemming from compromised credentials (usernames and passwords), such as phishing and brute-force attacks.

Australian Information Commissioner and Privacy Commissioner Angelene Falk reinforced the need for organisations and individuals to secure personal information by safeguarding credentials.

“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Falk said. “Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords.”

Key statistics for the health sector

The Notifiable Data Breaches October–December 2018 report shows:

54% of data breaches were due to human error, of which:

  • 28% included sending personal information to the wrong recipient by email;
  • 24% were due to failure to use the BCC function when sending group emails; and
  • 17% were caused by the unintended release or publication of personal information.

46% were due to malicious or criminal attack, of which:

  • 44% were cyber attacks; and
  • 32% were due to the theft of paperwork or data storage devices.

The OAIC has produced a Data breach preparation and response guide for agencies and private sector organisations with obligations under the Privacy Act.

The December quarter Notifiable Data Breaches report is available at oaic.gov.au/ndbreport.
