
Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Australian Medical Data Handling Incident, 25 May 2023

Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach

NT Health says the onus is on individuals to check if the privacy of their medical records has been breached.

Source: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)
Source: Patients told to contact NT Health following privacy breach of identifiable medical records | ABC News (Australia)


The Northern Territory government has breached the privacy of thousands of public health patients by sending identifiable medical records to a software vendor with offices in Europe, South America and China.

Northern Territory Health says the onus is on individuals to check if the privacy of their medical records has been breached by the government.

A preliminary incident report, obtained by the ABC through freedom of information laws, shows the extent of identifiable patient data transferred between NT Health, the Core Clinical Systems Renewal Program (CCSRP) and global software vendor Intersystems between 2018 and 2019.

On Thursday, the ABC revealed that more than 50,000 patients had their identifiable health files sent between two NT government departments in 2018 and 2019 as part of a software system upgrade.

More than 3,000 of those records were then sent to global software vendor Intersystems, which has offices in 27 countries, including in Europe, South America and China.

Some patient items were classed as having very-high or high clinical risk, such as psychology reports and psychiatric facility visits, termination of pregnancy or stillbirth records, and electroconvulsive therapy — also known as electric shock therapy — records.

Chief Minister Natasha Fyles, who was health minister at the time, never made the privacy breach public. In a statement to the ABC, Ms Fyles said the incident was referred to the NT Information Commissioner.

The incident report also revealed that no data governance framework was set by either NT Health or the Acacia project team prior to the transfers.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.
