google.com, pub-8701563775261122, DIRECT, f08c47fec0942fa0
UK

Australian patients’ medical records could be sold on dark web after clinics’ data breach | Health

Australians’ medical records and patient information could be sold on a secret market, an expert has warned, following a cyberattack on one of the country’s largest healthcare providers.

Partnered Health said 21 clinics across cities including Sydney, Melbourne and Canberra were affected after a “malicious actor” accessed their data on June 23.

Medical information such as treatment details, consultation notes, referral letters and pathology or diagnostic results are also believed to have been stolen, along with Medicare numbers, private health insurance details, names, dates of birth, addresses and more.

Patients and stakeholders affected by the breach have been contacted, but a spokesperson for Partnered Health told Guardian Australia it was not in the interests of its patients to publicly discuss the number of people affected.

The company said it received an injunction from the New South Wales Supreme Court ordering the accessed data not to be used or published.

Dr Suelette Dreyfus, senior lecturer in information systems at the University of Melbourne, said this might prevent the dataset from being published on a regular website, but was unlikely to prevent it from being sold on the hidden market and dark web.

According to Dreyfus, personal medical information is especially valuable. There are reports that it has been sold A price of up to $250 per record, compared to personal information such as name and address, which sell for a few cents each.

“You can match that with information from other data sets, and that means the profile you can create on someone is much more detailed and potentially much more dangerous from a privacy perspective,” he said.

Sign up for Breaking News Australia email

“That can really disrupt a person’s life if they have a medical condition like a long-term illness; the risk is quite significant.”

He also said someone may have ordered the attackers to target a specific company or individual.

in 2018 Information of 1.5 million Singaporean patients was stolenUnidentified state actors are specifically targeting the country’s prime minister, Lee Hsien Loong.

Unlike financial data breaches, where victims can mitigate potential damages by changing their passwords and credit cards, those who lose their medical records have less recourse.

“It’s pretty hard to change your medical history when it’s blown out the door because of a cyberattack,” Dreyfus said.

He urged Australians to be wary of any unusual activity on their accounts, ensure their devices have the latest security updates and change their passwords regularly.

skip past newsletter introduction


Governments and institutions should also increase practical cybersecurity training, raise greater public awareness and support research to prevent attacks, he said.

This isn’t the first time Australians’ data has been put at risk in a cyber incident.

In 2022, the personal information of 9.7 million current and former Medibank customers was published on the dark web after the company refused to pay a group of hackers.

Three years ago, Victoria’s auditor general exposed cybersecurity weaknesses at three hospitals using “basic hacking tools” to access sensitive patient data.

Suggestions were made to ministries of health and hospitals and these were accepted.

Dreyfus said that although doctors and nurses are sensitive to the importance of patient privacy, healthcare institutions do not always prioritize the cybersecurity element of the services they provide.

“They’re considering not giving someone’s ex-husband this information about his ex-wife,” Dreyfus said.

“But that’s certainly different than an attacker breaking in to steal a hospital’s information wholesale.”

The incident was also reported to the Australian Cyber ​​Security Centre, the Office of the Australian Information Commissioner and law enforcement.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button