Human error drives data breaches
HUMAN error is the top cause of notifiable data breaches for Australian health providers, the Office of the Australian Information Commissioner (OAIC) reveals. The latest OAI a e ata rea es e rt covering Jan to Jun 2020, recorded a 16% increase in notifications of the previous corresponding period, with
115 breaches relating to health organisations.
The report, released on Fri 31 Jul, followed warnings by Fred IT Group CEO, Paul Naismith, that pharmacy owners needed to boost cyber security measures ahead of the rollout of electronic prescriptions (PD 28 Jul).
“Cyber security has become an important area of compliance for pharmacy,” he said.
“Our industry faces the same responsibilities to notify of data breaches that other businesses face.
“Quality Care 2020 also requires that pharmacies are taking action in cyber security.”
In total 518 notifications were made to the OAIC in the first six months of 2020, with the health sector accounting for 22% of all breaches.
Across all sectors, malicious or criminal attacks were the main cause of breaches (61%), down 7% from the Jul to Dec 2019 figures.
However, human error accounted for 57% of breaches in the health sector, with notifications of date being sent to the wrong recipient the most common issue, followed by unauthorised disclosure.
A total of six healthcare-related data breaches related to a “rogue employee” or “insider threat”, while a further seven cases were associated with the theft of paperwork or data storage devices.
The health sector reported four system fault breaches with three cases of “unintended release or publication of data”, and one incidence of unintended access.