Healthcare breaches top Australia data offenses in April-June

Healthcare cyberincidents beat financial and education sector offenses.

Australia’s healthcare industry was hit by the largest number of data breaches across industries in April through June with a total of 49 notifications lodged with the Office of the Australian Information Commissioner, reports Information Security Group. 

Of those, 41 incidents involved fewer than 1,000 people; five incidents involved between 1,001 and 5,000 people; two involved between 5,001 and 10,000 people.

Only one reported incident was at a scale involving between 10,001 and 25,000 people.

The growing vulnerability of the region’s healthcare systems to cyber attacks is laid bare after a massive attack at Singapore’s national health database SingHealth where the personal information of more than 1.5 million individuals including the Prime Minister’s were illegally accessed. Not a month after, Hong Kong’s health department was also hit by a ransomware that left some computers unable to access files. 

More than half (59%) of Australia’s healthcare breaches during April to June were brought about by human error whilst 41% were malicious or criminal in nature.

Hacking, phishing and stolen credentials each constituted a fourth (25%) of malicious cyber incident data breaches in the country’s healthcare sector. Ransomware and brute-force attack which compromised credentials accounted for 12.5% each in the three-month period’s cyberincidence.

Trailing behind the healthcare sector, Australia’s financial industry had the second greatest number of notifications at 36.

This was followed by the legal, accounting and management services sector at 20, the education sector at 19 and business and professional associations at 15.

The vast majority of breached information - some 216 of 242 notifications - involved contact details. The next highest category of breached information involved financial details, identity information, health information, and tax file numbers.