Clinic’s data breach a reminder to bolster security

Michelle Wisbey

4/12/2023 2:51:28 PM

The personal details of more than 5000 patients may have been ‘compromised’ after a Brisbane medical centre’s email account was breached.


Services Australia has launched an investigation into whether patients’ Medicare and concession card details have been accessed, after a clinic’s email was targeted in September.
Brisbane’s Top Health Doctors West End has now contacted the 5500 patients potentially impacted after its administration mailbox fell victim to a breach.
As a precaution, Services Australia has now begun the process of data matching the information obtained from Top Health Doctors with the Medicare and Centrelink records it holds.
This includes card numbers, the expiry date and patient name appearing on a Medicare or Centrelink concession card, dates of birth, and patient addresses.
‘Customers who have been notified by Top Health Doctors that their information has been compromised as a result of the data breach should have heightened awareness of suspicious or unexpected activity across all of their online accounts,’ Services Australia warned.
Dr Rob Hosking, Chair of the RACGP Expert Committee – Practice Technology, told newsGP educating staff is a vital safeguard against data breaches.
‘Teach them the importance of having an email policy as well as a social media policy so that everybody knows what the rules are in your practice about what you can and can’t say and do,’ he said.
‘Phishing emails and so forth are getting very smart and it’s very worrying that you can get something that looks genuine, you click on it, and it opens and has access into your system.
‘Having really good quality software is [also] really useful, as is keeping it up to date so the malware detection screens your emails and tries to alert you if it looks like it’s a problem.’
The health sector remains the highest-reporting industry for data breaches, with 63 reported in the first six months of this year, accounting for 15% of all reports.
Malicious or criminal attacks remained the leading cause of data breaches, accounting for 70% of cases.
Dr Hosking said practices can now hire someone outside the business to implement the highest quality of protections.
‘If people are really starting to get worried about this sort of thing, they could pay a company to do penetration testing to see if somebody can get into their system, and then find out what the vulnerabilities are and try to fix them,’ he said.
‘The days of an individual GP who’s got an interest in IT managing the software system are gone. You need to pay for professionals and have good quality professionals managing your system, updating the system regularly, and checking that it’s still current.
‘It’s not just a data breach, it’s the potential business interruption which is a huge issue and if it’s a ransomware attack where they have blocked your access to your records, that can have a major impact on your business for weeks, or months, or years.’
There have already been a raft of high-profile data breaches across the nation this year, with a new study finding 57% of Australians think it is likely they will be impacted by a data breach incident in the next 12 months.
At the same time, 48% of Australians reported experiencing emotional distress as a direct result of a cyber security incident.
Dr Hosking said old or outdated IT systems are one of the biggest vulnerabilities faced by many practices.
‘Some of these scams going around are so sophisticated … but we’ve also got to try to fight it,’ he said.
‘It takes a huge amount of effort and you’ve got to pay for it, so be prepared to pay for quality security.
‘We have got to try to stop these people who try to make money or mischief out of somebody else’s misery.’
More information on what to do if a data breach occurs and how to prevent it can be found on the RACGP website.

Top Health Doctors West End sent through the below response following publication:
‘Top Health Doctors’ West End clinic experienced an incident, limited to an email compromise of an administration mailbox only,’ the spokesperson said.
‘As a precautionary measure, Top Health notified all patients at the West End clinic. Top Health also notified relevant authorities, including Services Australia, who have a specialist team that can apply precautionary measures to records if required.
‘The incident was contained promptly and Top Health has taken a number of steps to prevent reoccurrence, supported by specialist cyber experts.’

A.Prof Christopher David Hogan   5/12/2023 8:20:03 PM

Another reminder for everyone in the practice to be careful.
Hackers love medical records because they make it easy to steal identities