Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record, it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Thursday, April 19, 2018

And You Think Your Private Health Information Is Well Looked After? Think Again!

This appeared last week:

Healthcare suffers almost a quarter of data breaches, as reports skyrocket under mandatory notification scheme

Lynne Minion | 11 Apr 2018
Data breaches have affected 63 Australian organisations since 22 February, with 24 per cent of them in healthcare, according to the Office of the Information Commissioner’s first report since the mandatory data breach reporting legislation came into effect.
Of the total breaches, health information was involved in 33 per cent of cases, the report released today said.
The Notifiable Data Breaches scheme, which came into force on 22 February, requires entities with obligations to secure personal information under the Privacy Act 1988 to notify individuals when their personal information is involved in a data breach that is likely to result in serious harm and notify the OAIC.
In the six weeks since its introduction, the scheme has unearthed breaches that may otherwise have remained secreted away within organisations, with the total of 63 breaches more than half of the 114 data breach notifications disclosed voluntarily in the 2016–17 financial year.
The OAIC’s acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, said a data breach notification gives people the chance to take steps that can reduce their risk of experiencing harm, such as changing passwords for online accounts. It also encourages a higher standard of security from government agencies and eligible businesses.
More here:
So in six weeks we have had over 20 breaches that involved health information – a rate of about 170 breaches a year!
There are also reports on the same sad story here:

Health sector dominates in first report on data breach notification scheme

63 data breaches reported in first six weeks of scheme’s operation
Rohan Pearce (Computerworld) 11 April, 2018 10:04
Health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the government’s Notifiable Data Breach (NDB) scheme.
The rules require organisations to report data breaches to the Office of the Australian Information Commissioner (OAIC) and notify affected individuals when there is a risk of “serious harm”.
Businesses with annual turnover greater than $3 million are covered by the scheme, as are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.
The OAIC today issued its first quarterly report on the scheme (the report covers the period since the scheme’s start in February), revealing that it received 63 reports of data breaches during its first six weeks of operation.
By way of comparison, in the 2016-17 financial year the OAIC received 114 voluntary notifications of data breaches.
More here:
and here:

OAIC sees 63 data breach notifications in first six weeks

By Ry Crozier on Apr 11, 2018 9:18AM

Majority the result of "human error".

Australian organisations reported 63 data breaches in the first six weeks of mandatory notification rules coming into effect, with human error listed as the most common cause.
By contrast, when organisations only had to voluntarily reveal breaches, they only self-reported 114 instances for the entire 2016–17 financial year.
The Office of the Australian Information Commissioner (OAIC) today released the first quarterly report since the mandatory data breach notification scheme came into effect on February 22. [pdf]
The report notes that eight breach notifications were received in the six days in which the scheme operated in its launch month.
More here with link:
What is going to be very interesting, going forward, is more detailed information on the hows, who and whys of these breaches.
Oddly, NSW does not want to be involved – see here:

NSW govt opposes mandatory data breach reporting

By Justin Hendry on Apr 13, 2018 11:08AM

But will review voluntary scheme.

The NSW government will oppose a bill that would force state government agencies to report data breaches, arguing more consideration is needed before such a scheme is introduced.
The Privacy and Personal Information Protection Amendment (Notification of Serious Violations of Privacy by Public Sector Agencies) Bill was introduced by NSW Labor last November to bring about a model similar to the federal mandatory data breach notification scheme.
The bill would require state agencies to notify affected individuals and the NSW Privacy Commissioner.
Such action was first called for by former privacy commissioner Elizabeth Coombs in 2015.
More here – and I wonder what that is about?
From what has happened at the Federal level it is clear the system is needed!
David.