Incident: Skin cancer survey hack may have ‘compromised’ personal details, Medicare numbers of participants | ABC News (Australia)
Australian Medical Privacy Breach, 20 March 2023
Skin cancer survey hack may have ‘compromised’ personal details, Medicare numbers of participants
QIMR Berghofer survey data exposed via third party in November 2022
Company Statement: Media Statement
Source: Skin cancer survey hack may have ‘compromised’ personal details, Medicare numbers of participants | ABC News (Australia)
View more incidents from the Medical and Health Care sector.
QIMR previous incident: Australian Clinical Data Breach February 2021. QIMR Berghofer Medical Research Institute caught up in Accellion breach with 620MB of the data appearing to have been accessed on 25 December
Original PNORS Technology Group incident report: Australian Cyber Attack November 2022: Technology group providing services to Victorian government departments hit by a cyber attack. The company says hackers have revealed a sample “of what is believed to be stolen data”
Australia’s biggest skin cancer study has been hit by an unpublicised data breach, with the personal details of more than 1,000 people feared to have been accessed by hackers.
The ABC revealed cyber criminals last year broke into servers holding highly sensitive data collected by QIMR Berghofer, a medical research institute based in Brisbane.
The hacked servers were owned and operated by Datatime, a technology company hired by QIMR Berghofer to scan and process surveys for its QSKIN study, which has involved 50,000 Australians over more than a decade.
Paul Gallo, the chief executive of the PNORS Technology Group which owns Datatime, said the company’s cyber experts “do not believe any further data was breached, which includes the QSKIN data survey”.
“After a rigorous and extensive investigation by internal and external cyber security experts, it was determined that no private data was released into the public domain,” Mr Gallo said.
“There has been no further contact with the cyber hackers and we have no reason to believe any private data has been, or will be, released.”
“Once notified of the breach, QIMR Berghofer identified affected participants and contacted them directly by email in accordance with the recommendation of the Office of the Information Commissioner Queensland.
