
Healthcare reports most NDB breach incidents so far - why are they at risk?

16 Apr 2018

In less than two months since its February 22 launch, Australia’s Notifiable Data Breaches Scheme has netted 63 breach notifications, most of which were from health service providers – and involved human error.

According to the Notifiable Data Breaches Quarterly Statistics Report (January-March 2018), health service providers reported 15 breaches; followed by legal, accounting, and management services (10); finance (8); education (6); and charities (4).

78% of all breaches involved contact information, including names, email addresses, addresses and phone numbers.

33% involved health information; 30% involved financial details; 24% involved identity information such as driver licence numbers and passports; 14% involved tax file numbers; and 2% involved other sensitive information.

Most of the reported breaches involved the personal information of fewer than 100 people; however, there were 17 cases where breaches involved more than 100 people. In three cases, breaches involved personal information belonging to 10,000-99,999 people.

Human error seems to be a major problem for organisations that reported data breaches. 32 cases were due to human error such as inadvertent disclosures; 28 involved malicious or criminal attacks; 2 involved system faults; and 1 was caused by other methods.

Commenting on the revelations, Sense of Security CTO Jason Edelstein says that organisations really are their own worst enemy.

“The quarterly results provide some interesting insight into the cyber threats impacting Australian businesses. What’s concerning from the report is human error is currently our top threat, with 51 per cent of reported breaches being caused by human error, such as sending a document containing personal information to the incorrect recipient,” he says.

“The problem is, we’re sending contact information and financial details to these people. If they are malicious, an attacker could use this information to conduct social engineering activity, which can have dire consequences.”

“These errors should not be happening and we need to have better processes and policies in place to prevent this leakage of personal information. This requires us to educate employees on the cyber security risks and their responsibilities in handling data,” Edelstein continues.

He believes that it’s no surprise healthcare was the industry that reported the most breaches.

“This isn’t surprising due to the rise of internet-connected medical devices, as part of the growing Internet of Things (IoT) trend. The benefits of these devices have seen many hospitals and healthcare facilities rapidly introduce them with little thought to the security implications of connecting them to the network,” he says.

“Exacerbating the problem is the fact vendors are currently in an arms race to bring products to market, to gain a competitive advantage. This means network connected apps and devices are rushed to market with very limited security protocols in place.”

“Whilst healthcare and hospitals are no more vulnerable than other sectors, the consequences are much more dangerous. Our information, sensitive data and wellbeing are all vulnerable if security is not made a priority. The best thing the healthcare industry can do is to educate its employees about security awareness. After all, they are in the business of saving lives, and getting them cyber-trained can help them do just that,” Edelstein concludes.
