Share this article on:
The records of nearly 200 patients of Melbourne’s Royal Women’s Hospital incident have been exposed in a cyber incident.
The hospital is reporting that a staff member used a personal email to manage patient appointments. That email was then compromised by an unidentified hacker.
The Royal Women’s Hospital was not itself affected directly.
The hospital has said it is “very sorry to advise of a recent incident where cyber criminals gained access to the private email account of a staff member”.
“We are taking this matter very seriously and apologise sincerely for any distress and inconvenience caused to affected patients,” a hospital spokesman said in a widely reported statement.
The hospital is now undertaking a forensic investigation to discover the extent of the possible breach, and some patients have already been contacted as of Thursday (5 October) morning, with the remainder to be informed by registered mail, as reported by the NCA Newswire.
“The Women’s is thoroughly investigating the attack and has put in place actions to ensure that affected patients receive accurate information and adequate support,” the hospital said.
Affected patients have been offered advice and support to protect their identities, and the hospital has set up a hotline for its patients to call.
According to Professor Monica Whitty, the head of Monash University’s department of software systems and cyber security, faculty of information technology, this incident illustrates the “human factors” of cyber security.
“This case demonstrates that workplaces need to develop policies and secure technology that understands and acknowledges how employees behave while accessing their organisation’s online networks,” Professor Whitty said in an email shared with Cyber Daily.
“Research shows that these ‘accidental insiders’– employees who accidentally expose data or create vulnerabilities in their cyber workspace – do not have bad intentions towards an organisation, and when they find security workarounds, it is often because they are committed employees who want to do their jobs effectively. This is primarily because often, technological security systems seem to pose delays and prevent productivity or efficiency in the workplace.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.