Healthcare reports most NDB breach incidents so far - why are they at risk?

16 Apr 2018

In less than two months since its February 22 launch, Australia’s Notifiable Data Breaches Scheme has netted 63 breach notifications, most of which were from health service providers – and involved human error.

According to the Notifiable Data Breaches Quarterly Statistics Report (January-March 2018), health service providers reported 15 breaches; followed by legal, accounting, and management services (10); finance (8); education (6); and charities (4).

78% of all breaches involved contact information, including names, email addresses, addresses and phone numbers.

33% involved health information; 30% involved financial details; 24% involved identity information such as driver licence numbers and passports; 14% involved tax file numbers; and 2% involved other sensitive information.

Most of the reported breaches involved the personal information of fewer than 100 people; however, there were 17 cases where breaches involved more than 100 people. In three cases, breaches involved personal information belonging to 10,000-99,999 people.

Human error seems to be a major problem for organisations that reported data breaches: 32 cases were due to human error such as inadvertent disclosures; 28 involved malicious or criminal attacks; 2 involved system faults; and 1 was caused by other methods.

Commenting on the revelations, Sense of Security CTO Jason Edelstein says that organisations really are their own worst enemy.

“The quarterly results provide some interesting insight into the cyber threats impacting Australian businesses. What’s concerning from the report is human error is currently our top threat, with 51 per cent of reported breaches being caused by human error, such as sending a document containing personal information to the incorrect recipient,” he says.

“The problem is, we’re sending contact information and financial details to these people. If they are malicious, an attacker could use this information to conduct social engineering activity, which can have dire consequences.”

“These errors should not be happening and we need to have better processes and policies in place to prevent this leakage of personal information. This requires us to educate employees on the cyber security risks and their responsibilities in handling data,” Edelstein continues.

He believes that it’s no surprise healthcare was the industry that reported the most breaches.

“This isn’t surprising due to the rise of internet-connected medical devices, as part of the growing Internet of Things (IoT) trend. The benefits of these devices have seen many hospitals and healthcare facilities rapidly introduce them with little thought to the security implications of connecting them to the network,” he says.

“Exacerbating the problem is the fact vendors are currently in an arms race to bring products to market, to gain a competitive advantage. This means network connected apps and devices are rushed to market with very limited security protocols in place.”

“Whilst healthcare and hospitals are no more vulnerable than other sectors, the consequences are much more dangerous. Our information, sensitive data and wellbeing are all vulnerable if security is not made a priority. The best thing the healthcare industry can do is to educate its employees about security awareness. After all, they are in the business of saving lives, and getting them cyber-trained can help them do just that,” Edelstein concludes.
