Health data hackers
Sector tops privacy breaches
HEALTHCARE data is highly coveted by cyber criminals and the health sector is the biggest target of hackers in Australia, according to new data.
The Office of the Australian Information Commissioner has revealed Aussies have been victims of more than 300 major data breaches this year – with hackers and criminals getting access to the private data of hundreds of thousands of people.
The 305 breaches have taken place in just the past five months, since February 22, when Australia’s new mandatory reporting laws came into force, which demand businesses disclose when they have been hacked.
Bank details, credit card numbers, passport information, driver’s licences and other personal information were among the data accidentally lost, shared or stolen.
And the main target for hackers was the healthcare sector, which was the worst hit with 49 major data breaches, although none involved the government’s contentious My Health Record system. The finance sector was next on the list, with 36 breaches.
The data comes as the Federal Government is scrambling to assure the public over the safety of its My Health Record system, which recently changed to a compulsory system unless Australians opt out before October 15.
Because of the ability to sell large batches of personal data for profit on the dark web, people’s healthcare data is often considered more valuable than credit card information.
It’s not just names, dates of birth and address information that can be used for identity theft; health files can also contain someone’s blood type or the prescription drugs they take.
Hackers could use such information to harvest victims’ credentials and access their prescriptions.
Sensitive health data could also be used to bribe someone or, if large data sets are stolen, to extract a ransom from healthcare providers, which happened a couple of years ago in California.
In April, e-health specialist Dr Nathan Pinskier, of the Royal Australian College of General Practitioners, told the ABC that no healthcare organisation or business was immune to security breaches.
“In Australian cybersecurity, there are only two types of healthcare organisations – those that know they’ve been hacked and those that don’t know they’ve been hacked,” he said.
The following month, news.com.au reported that a security breach had potentially exposed the personal information of up to 8000 Family Planning NSW clients, including women who sought abortions or contraception.
At the time, the reproductive and sexual health organisation sent an email to all of its clients apologising for a “cyber attack” that “may have compromised our online databases”.
Most data breaches reported by the OAIC impacted 100 or fewer individuals, the government body said.
Mandatory reporting requires government agencies, businesses and not-for-profit organisations with a turnover of more than $3 million to notify the OAIC of any breaches.
Acting Information Commissioner Angelene Falk warned Australians they “don’t live in a risk-free world”.
Hackers or cyber criminals made up 59 per cent of the attacks, while human error, such as emailing sensitive information to the wrong address, accounted for 36 per cent.
In some cases rogue employees misused data.
NOBODY SAFE: Australians suffered 49 major health data breaches in five months.