Friday, May 10, 2019

A Timely Reminder Of Just How Bad The Health Sector Is At Digital Security.

This appeared last week:

The Un-healthiness of the Australian Health Sector’s Data Security

Australia, May 3 2019
More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,[1] statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an industry scale.
There is a cruel sense of irony that the services we turn to when we are vulnerable are themselves vulnerable, suffering data breaches that may harm us financially, psychologically or, in extreme circumstances, physically. The figures are stark, with 163 notifiable data breaches suffered by health sector businesses that are subject to the federal Privacy Act 1988 (Cth), which does not include the country’s major hospitals operated under State jurisdictions. On top of these figures, the Australian Digital Health Agency, the agency responsible for administering the controversial ‘My Health Record’ system,[2] reported that a further 42 data breaches affected Australian My Health Records throughout 2018, which are also excluded from the statistics recorded in the OAIC’s reports.
For industries in the health sector, and those advising on cyber security, the question inevitably arising out of these figures is – why? Are these statistics merely the result of statistical variation over a limited period, or are there industry-specific factors that contribute to the prevalence of data breaches? This question cannot be answered definitively, but there are statistical anomalies within health sector data breach figures which provide further insight. In the period between 1 April 2018 and 31 December 2018 there were 83 notifiable data breaches in the health sector caused by human error, comprising 56% of the total breaches throughout that period.[3] This figure is alarmingly high. In contrast, the percentage of data breaches caused by human error in all other industries is a mere 30%.[4]
More here:
What can you say? The whole sector needs to be better supported, better trained and more alert!
David.

1 comment:

  1. There really should be an aggregation of local state and federal incidents. The other barrier is the high costs for 27000 consultants that in reality leave you with more questions than answers. More should be made of the low cost rapid digital assessment tools. These quickly provide organisations with a view of their maturity and gaps and recommended paths to increasing maturity.

    The hospitals and entities that have a high number of interns and trainees present a high likelihood of unauthorised access, and they could better educate and monitor.

    There is also the way information is stored, exchanged and compiled. The duplication must be excessive, and therein lies the problem.
