Select Page

Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Australian Medical Data Handling Incident, 25 May 2023

Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach

NT Health says the onus is on individuals to check if the privacy of their medical records has been breached.

Source: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)
Source: Patients told to contact NT Health following privacy breach of identifiable medical records | ABC News (Australia)

View more incidents from Medical and Health Care sector and other reports from Northern Territory.

The Northern Territory government has breached the privacy of thousands of public health patients by sending identifiable medical records to a software vendor with offices in Europe, South America and China.

Northern Territory Health says the onus is on individuals to check if the privacy of their medical records has been breached by the government.

A preliminary incident report, obtained by the ABC through freedom of information laws, shows the extent of identifiable patient data transferred between NT Health, the Core Clinical Systems Renewal Program (CCSRP) and global software vendor Intersystems between 2018 and 2019.

On Thursday, the ABC revealed that more than 50,000 patients had their identifiable health files sent between two NT government departments in 2018 and 2019 as part of a software system upgrade.

More than 3,000 of those records were then sent to global software vendor Intersystems, which has offices in 27 countries, including in Europe, South America and China.

Some patient items were classed as having very-high or high clinical risk, such as psychology reports and psychiatric facility visits, termination of pregnancy or stillbirth records, and electroconvulsive therapy — also known as electric shock therapy — records.

Chief Minister Natasha Fyles, who was health minister at the time, never made the privacy breach public. In a statement to the ABC, Ms Fyles said the incident was referred to the NT Information Commissioner.

The incident report also revealed that no data governance framework was set by either NT Health or the Acacia project team prior to the transfers.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Australia's digital arrival cards to roll out nationally

A much-anticipated digital version of Australia’s Incoming Passenger Card for international arrivals will be rolled out nationally over the next 18 … [...]

Telstra outage blamed on known bug in obsolete server

Failure to replace a 20-year-old server worth $30,000 could cost Telstra $30 million in fines, with executives set to face a Senate inquiry this week … [...]

ACSC warns of large-scale campaign exploiting CMS vulnerabilities in Australia

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued an alert about a “large-scale exploitation campaign” … [...]

Exclusive: Prolific hacker 2019 selling alleged Hot Toner Australia customer data online

The threat actor behind a string of hacks targeting Australian organisations claims to have compromised the personal and sales data of more than … [...]

The ACSC should become Australia’s cybersecurity regulator | The Strategist

The Australian Cyber Security Centre (ACSC) should evolve into a formal cybersecurity regulator, with a role comparable in principle to what the … [...]

Hacked! Royal Foods confirms cyber incident following The Gentlemen ransomware claims

Hackers behind the Mackay Sugar breach list Australian gourmet food supplier on darknet leak site. • Fri, 10 Jul 2026 • Security *]:clear-none … [...]

AUSCERT Week in Review for 10th July 2026

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued a critical alert following a large-scale cyber campaign … [...]

Telstra outage sends warning about dangers of future telecommunications attacks

Sky News host Jaimee Rogers says the Telstra outage is a warning for how dangerous a deliberate attack on Australia’s telecommunications could be. “Communications are critical infrastructure, so why aren't [...]

Telstra CEO says she is ‘deeply sorry’ for nationwide outage

The CEO of Telstra has returned from leave following the outage impacting its services, having now issued an apology for the issues caused. • Fri, 10 … [...]

Australian cyber security leader recognised with global AI ethics award

Maryam Shoraka has been named the 2026 Global Cybersecurity AI Ethics Woman of the Year, recognising her work at the intersection of cyber security … [...]

Cyber and Infrastructure Security Centre Website

Cyber and Infrastructure Security Centre Website Protecting Australia's Cyber and Infrastructure Security.​​​ [...]

Telstra outage: 'Software defect solution' in place after hundreds unable to call Triple Zero in outage

Telstra has implemented a fresh "solution" to resolve a secondary software defect that left hundreds of customers unable to make Triple Zero calls … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading