Incident: Australian National Disability Insurance Scheme provider breached and treating its database as compromised | ZDNet
Australian Medical Data Hacked, 31 May 2022
Australian National Disability Insurance Scheme case management system provider CTARS breached
“Large volume” of sensitive health data exposed.
Update: Data breach repository Have I Been Pwned, which is run by security expert Troy Hunt, on Wednesday said the number of compromised email addresses was approximately 12,000.
CTARS, the makers of a cloud-based client management system used by the Australian National Disability Insurance Scheme (NDIS) as well as disability services, out of home care, and children’s services, has revealed that an unauthorised third-party had gained access to its systems on May 15 and found the data posted to the dark web a week later.
This data includes documents containing personal information relating to our customers and their clients and carers.
The information page on the data breach suggests that sensitive heath data “could include details of the diagnoses, treatment, or recovery of a medical condition or disability”.
Other data though to be compromised includes Medicare and pensioner cards, as well as tax file numbers.
CTARS said that while the “very large volume” of data in its systems made it difficult to confirm the extent of the compromise, affected individuals would be contacted by their NDIS provider.