iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The healthcare industry continues to face an onslaught of cyber attacks, with Australia’s Diabetes WA being the latest organisation to face unauthorised access by a third party.
Diabetes WA disclosed the attack last week, saying that an unauthorised party gained access to the personal data of “some of our contacts”.
Data reportedly includes names, dates of birth, addresses, email addresses, phone numbers, Medicare numbers, type of diabetes, marital status, Indigenous status, and referring doctor.
Despite this, Diabetes WA said it can confirm that “no detailed medical records or detailed clinical information were accessed”.
“This breach was quickly detected and fully contained. It is under investigation through Diabetes WA’s Cyber Security Response Plan,” added Diabetes WA.
As required, the company has notified the Office of the Australian Information Commissioner and has sent notifications of the breach to “all affected individuals”.
Additionally, Diabetes WA said it plans to bolster its security measures to prevent further attacks.
Speaking with ITNews, a spokesperson for Diabetes WA said the attack happened after one user account was compromised by the threat actor. The company said the account has been “promptly closed, thereby blocking the attacker and stopping any further access to our system”.
Additionally, when asked about who the affected “contacts” were, Diabetes WA said that some of them may have been members.
“It is likely that a subsection of those contacts will have been members, but our focus has been on ensuring that every affected contact – whether a member or not – has been notified of the breach in the timeliest manner possible,” it said.
The attack on Diabetes WA is just the latest in the healthcare industry, a trend becoming increasingly common.
According to the chief executive and co-founder of Keep Security, Darren Guccione, the data retention requirements of healthcare organisations could mean that the large amounts of resulting data make these organisations a lucrative target to threat actors.
“Many industries, including healthcare, may have data retention requirements for legal, compliance or regulatory reasons,” he said.
“Because of these requirements, it is not uncommon for some companies to retain a large amount of past customer data.”
Be the first to hear the latest developments in the cyber industry.
