Thursday, June 09, 2022

I Find A Data Breach Like This A Pretty Big Worry And Very Close To Home!

This appeared last week:

Sensitive NDIS health data breached in client platform hack

Denham Sadler
National Affairs Editor

31 May 2022

A “large volume” of highly sensitive health data has been compromised as part of a hack of a cloud-based client management system for NDIS service providers, with a sample posted on a “deep web forum” last week.

CTARS – a cloud-based client management system provider for NDIS, disability services, out of home care and children’s services – revealed this week that an unauthorised third-party had gained access to its systems on 15 May.

The third-party posted a sample of the stolen data around a week later on a “deep web forum”, the company said.

In the statement, CTARS said it is unable to determine what data has been compromised, but it likely includes sensitive health data such as the details of diagnoses, treatments and conditions and disabilities.

“Although we cannot confirm the details of all the data in the time available, to be extra careful we are treating any information held in our database as being compromised. This data includes documents containing personal information relating to our customers and their clients and carers,” the CTARS statement said.

There is now an “extreme level of risk” in terms of identity theft and fraudulent claims by providers and imposters using the leaked data, Centre for Digital Business chief executive and former NDIS head of technology authority Marie Johnson said.

“Data breaches create serious risk of harm – for people who are already suffering from these defective systems,” Ms Johnson told InnovationAus.com.

“This is like having the My Health Record on the dark web. The individual has very little power – and people’s identity would be compromised. There is no way that this can’t be the case. And people won’t know that it has happened. These are the most vulnerable at-risk people.”

In the statement, CTARS said that individuals who have not been contacted by their NDIS service provider about the breach should not be concerned about it.

“That is not reassuring and understates the seriousness of what has happened. This data belongs to the most vulnerable people in Australia,” Ms Johnson said.

“The primary concern must be for the safety of participants and the continuation of supports. And there is a real risk that safety and supports will be affected. What is to guarantee that payments will not be affected – and therefore the continuation of supports.”

More here:

https://www.innovationaus.com/sensitive-ndis-health-data-breached-in-client-platform-hack/

So here we have a large cloud-based database deliberately and maliciously breached and the NDIS does not even know what has been captured and possibly sold!

You really have to wonder what this means:

“In the statement, CTARS said that individuals who have not been contacted by their NDIS service provider about the breach should not be concerned about it.”

A much fuller disclosure of what happened is needed so we can know what happened and the #myHealthRecord team, at least, can learn! The parallel with risks faced by the #myHR is pretty alarming!

David.

 
