Healthed data breach exposes personal details
The RACGP says the incident highlights the importance of cybersecurity, while the educator confirmed it has ‘taken steps’ and notified those impacted.
The personal details of a large number of GPs have been published online, in a data breach leaving doctors feeling ‘significantly concerned’.
Australian healthcare educator Healthed confirmed that late on Sunday, 14 July, the company became aware of ‘a vulnerability within the Healthed website’.
It traced this to work undertaken by a third-party contractor.
‘This vulnerability led to the names, email addresses, postal addresses and mobile phone numbers of participants who attended Healthed’s face-to-face educational seminars becoming publicly available,’ a spokesperson told newsGP.
‘Healthed acted swiftly to resolve the issue within two hours of it being discovered and immediately advised its delegates and staff of the incident via email.
‘Healthed deeply regrets the unauthorised sharing of personal contact details caused through this incident.’
The company confirmed that no other personal information was compromised.
RACGP President Dr Nicole Higgins told newsGP the breach is a reminder of the importance of cybersecurity and education.
‘People need to remember that we also all use Facebook, TikTok, Instagram every day and that our information and data is being collected by external agencies,’ she said.
‘It’s really challenging when your data is being shared, which is why the RACGP has multiple layers in place for early detection.
‘There are practical things that GPs can do when they attend education events or anything in their role as GPs, and that is to use the practice address and the practice phone number as their contact details rather than putting personal information down.’
The breach is the latest in a long list of recent incidents which have impacted GPs, practices, and patients.
In May, MediSecure was affected after the personal and health information of individuals was made public, and last year, one Brisbane practice suffered after its email was hacked.
Dr David Adam, RACGP Expert Committee – Practice Technology and Management member, described this latest breach as ‘really not good enough’.
‘People are pretty upset about this, and you can certainly understand why,’ he told newsGP.
‘GPs have their own practice systems and if we make a mistake, we have to take that on the chin, we have to take responsibility for our patients’ data, and we should expect these groups to take responsibility for their data.
‘I just don’t see anyone taking it seriously unless there’s a significant fine or consequences for making this kind of mistake.’
A Healthed spokesperson confirmed the company has since taken action to prevent a similar breach occurring in the future.
‘The integrity and security of data held by Healthed is a key priority for the company which has taken steps to ensure its website is now fully secure to prevent a similar incident from occurring again,’ they said.
But Dr Adam said, for GPs especially, having their personal details available online is concerning.
‘I’m sure that some of our more vulnerable members feel significantly concerned about this,’ he said.
‘There are some doctors who have risk from patients, or former partners, or that kind of thing, and they do take their privacy extremely seriously, as they should.
‘Unfortunately, the standard cybersecurity advice everyone gets given is about using strong passwords and multifactor authentication, but none of that helps this sort of situation because it’s completely out of our hands.’
The RACGP has created several resources to help GPs and practices bolster their cybersecurity, as well as information on what to do if their practice is breached.