Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

SA patient records deleted in ‘isolated data incident’

The records of 121 SA Health patients have been impacted, along with contact details of over 12,000 more patients.

user icon David Hollingworth
Mon, 30 Oct 2023
SA patient records deleted in ‘isolated data incident’
expand image

According to SA Health, the third-party provider behind the Digital Patient Pathways app detected unauthorised access within two hours and immediately began working with SA Health to mitigate the issue. The incident occurred on 16 October.

Only two South Australian health networks were affected – Central Adelaide Local Health Network and Southern Adelaide Local Health Network.

While a single folder was deleted – which contained the patient data and contact details – SA Health believes no data was exfiltrated by the as-yet unidentified threat actor.

============
============

The 121 patient records included “personal, medical and/or legal documents”, and the impacted patients have been notified. The deleted folder also contained the names and phone numbers of 12,624 patients who had been invited to use the app.

“The incident occurred outside the SA Health network within a specific part of the infrastructure used by Personify Care,” SA Health said in a statement.

“Personify Care has engaged an expert advisory firm to provide an independent assessment of the additional measures they are implementing to prevent such incidents from occurring in the future.

“All appropriate measures have been taken to independently verify that the incident has been resolved and there is no further risk to patient information contained on the Personify Care platform.”

The Office of the Australian Information Commissioner has been notified of the incident, and concerned patients have been directed that they can contact identity and cyber support organisation IDCare free of charge for support and advice.

South Australian State Treasurer Stephen Mullighan revealed earlier this month that SA Super had been impacted by a security incident at a third-party call centre.

“A third-party provider who was contracted by Super SA, and other government agencies, to provide call centre services has experienced a cyber security incident,” said SuperSA about the incident.

“This affects a small cohort of Super SA members, and none of the data held by the third-party provider contains information post-2020.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.