Health sector tops notifiable data breaches
When it comes to data breaches, the health industry is in the unenviable position of topping the notifiable data breaches for the last quarter of 2018, according to the latest report from the Office of the Australian Information Commissioner (OAIC).
Of the 262 data breaches involving personal information reported to the OAIC, 54 (20.6%) were from private health service providers. The health sector breaches were caused by human error or malicious or criminal attack.
Under the Notifiable Data Breaches scheme, organisations and agencies regulated under the Privacy Act must notify individuals and the OAIC when data breaches are likely to result in serious harm. The leading cause of notifiable data breaches in the December quarter was malicious or criminal attack (168 notifications), followed by human error (85 notifications) and system error (nine notifications).
Most data breaches resulted from malicious or criminal attacks involving cyber incidents stemming from compromised credentials (usernames and passwords), such as phishing and brute-force attacks.
Australian Information Commissioner and Privacy Commissioner Angelene Falk reinforced the need for organisations and individuals to secure personal information by safeguarding credentials.
“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Falk said. “Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords.”
Key statistics for the health sector
The Notifiable Data Breaches October–December 2018 report shows:
54% of data breaches were due to human error, of which:
- 28% included sending personal information to the wrong recipient by email;
- 24% were due to failure to use the BCC function when sending group emails; and
- 17% were caused by the unintended release or publication of personal information.
46% were due to malicious or criminal attack, of which:
- 44% were cyber attacks; and
- 32% were due to the theft of paperwork or data storage devices.
The OAIC has produced a Data breach preparation and response guide for agencies and private sector organisations with obligations under the Privacy Act.
The December quarter Notifiable Data Breaches report is available at oaic.gov.au/ndbreport.
Twilio's global study reveals that 97% of enterprise decision-makers believe the COVID-19...
Three digital health courses will be delivered by RMIT Online and the Digital Health CRC to...
The innovative solution enables healthcare organisations to share patient-consented health...