Health data hackers

Sector tops privacy breaches


HEALTHCARE data is highly coveted by cyber criminals and the health sector is the biggest target of hackers in Australia, according to new data.

The Office of the Australian Information Commissioner has revealed Aussies have been victims of more than 300 major data breaches this year – with hackers and criminals getting access to the private data of hundreds of thousands of people.

The 305 breaches have taken place in just the past five months, since February 22, when Australia’s new mandatory reporting laws came into force, which demand businesses disclose when they have been hacked.

Bank details, credit card numbers, passport information, driver’s licences and other personal information were among the data accidentally lost, shared or stolen.

And the main target for hackers was the healthcare sector, which was the worst hit with 49 major data breaches, although none involved the government’s contentious My Health Record system. The finance sector was the next on the list, with 36 breaches.

The data comes as the Federal Government is scrambling to assure the public over the safety of its My Health Record system, which recently changed to a compulsory system unless Australians opt out before October 15.

Because of the ability to sell large batches of personal data for profit on the dark web, people’s healthcare data is often considered more valuable than credit card information.

It’s not just names and dates of birth and address information that can be used for identity theft, but health files can also contain someone’s blood type or the prescription drugs they take.

Hackers could use such information to harvest their credentials and access their prescriptions.

Sensitive health data could also be used to bribe someone or, if large data sets are stolen, to extract a ransom from healthcare providers, which happened a couple of years ago in California.

In April, e-health specialist Dr Nathan Pinskier, of the Royal Australian College of General Practitioners, told the ABC that no healthcare organisation or business was immune to security breaches.

“In Australian cybersecurity, there are only two types of healthcare organisations – those that know they’ve been hacked and those that don’t know they’ve been hacked,” he said.

The following month, news. reported that a security breach had potentially exposed the personal information of up to 8000 Family Planning NSW clients, including women who sought abortions or contraception.

At the time, the reproductive and sexual health organisation sent an email to all of its clients apologising for a “cyber attack” that “may have compromised our online databases”.

Most data breaches reported by the OAIC impacted 100 or fewer individuals, the government body said.

Mandatory reporting requires government agencies, businesses and not-for-profit organisations with a turnover of more than $3 million to notify the OAIC of any breaches.

Acting Information Commissioner Angelene Falk warned Australians they “don’t live in a risk-free world”.

Hackers or cyber criminals made up 59 per cent of the attacks, while human error such as emailing sensitive information to the wrong address accounted for 36 per cent.

In some cases rogue employees misused data.

Photo: iStock

NOBODY SAFE: Australians suffered 49 major health data breaches in five months.
