Health sector tops notifiable data breaches

Tuesday, 19 February, 2019

Health sector tops notifiable data breaches

When it comes to data breaches, the health industry is in the unenviable position of topping the notifiable data breaches for the last quarter of 2018, according to the latest report from the Office of the Australian Information Commissioner (OAIC).

Of the 262 data breaches involving personal information reported to the OAIC, 54 (20.6%) were from private health service providers. The health sector breaches were caused by human error or malicious or criminal attack.

Under the Notifiable Data Breaches scheme, organisations and agencies regulated under the Privacy Act must notify individuals and the OAIC when data breaches are likely to result in serious harm. The leading cause of notifiable data breaches in the December quarter was malicious or criminal attack (168 notifications), followed by human error (85 notifications) and system error (nine notifications).

Most data breaches resulted from malicious or criminal attacks involving cyber incidents stemming from compromised credentials (usernames and passwords), such as phishing and brute-force attacks.

Australian Information Commissioner and Privacy Commissioner Angelene Falk reinforced the need for organisations and individuals to secure personal information by safeguarding credentials.

“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Falk said. “Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords.”

Key statistics for the health sector

The Notifiable Data Breaches October–December 2018 report shows:

54% of data breaches were due to human error, of which:

  • 28% included sending personal information to the wrong recipient by email;
  • 24% were due to failure to use the BCC function when sending group emails; and
  • 17% were caused by the unintended release or publication of personal information.

46% were due to malicious or criminal attack, of which:

  • 44% were cyber attacks; and 
  • 32% were due to the theft of paperwork or data storage devices.

The OAIC has produced a Data breach preparation and response guide for agencies and private sector organisations with obligations under the Privacy Act.

The December quarter Notifiable Data Breaches report is available at

Image credit: ©duncananderson/Dollar Photo Club

Related News

Health care struggling to leverage data

Over 60% of healthcare providers believe they have ineffective central systems and processes for...

Study reveals EHR impact on nursing

Over a third of nurses in a US study said that EHRs made them work less efficiently. However, the...

AI supports instant diagnosis of top eye disease

A new technique, supported by artificial intelligence, supports the instant and early...

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd