Health Data Hack: Red Alert in Oz!
Australian Medibank hit by hackers: personal health data leaked again!
Is there a week where there isn’t a story about personal data hacked, lost, leaked or ransomed somewhere in the world?
It’s Australia’s turn, with a shock that echoed throughout the continent and raised concerns amongst the general public about the effectiveness of the concept of “personal data protection and confidentiality”.
Down under, the largest health insurance company, Medibank, provides access to a public service called "My Home Hospital", where patients benefit from home-based care. A recent hack into the State of South Australia patients' database resulted in a leak of personal information and access to health data.
The situation was at first minimized by Medibank, but it quickly snowballed and led to an open political debate in Australian society. As reported by the Financial Review:
The Medibank hack scandal has now hit government directly after the health insurer revealed the attackers now hold data related to an in-home hospital service delivered by the South Australian state government.
The financial stakes are high, with a public watchdog investigating whether the breach of security could result in a hefty fine for Medibank (circa 300 million AUD) and impact the share price of the company.
Beyond these financial consequences, and much more importantly, the question of cybercrime in the health sector and the reality of sensitive data protection remains high on the health stewards’ agenda.
Meanwhile, France reported a staggering doubling of cybercrime against hospitals in 2020, and another doubling from this number in 2021, with 730 incidents logged!
No doubt the COVID-19 pandemic, which fast-tracked digitization across health services, did not allow for a watertight level of security across all the new IT architecture and infrastructure.
Clearly, patients are the weakest link and the preferred entry point for hackers, as underlined by the newly created French agency for health cybercrime CERT.
What are the consequences or the impact of the hacking, ransomware or pirate shutdown? Well, first, an increase in the average ransom requested from hospitals (from 10,000 to 100,000 EUR).
But the practical impact also includes the death of a 78-year-old patient in Germany, when the health information system became saturated and did not allow hospital admission in time, as well as a dark web auction of 500,000 personal health records in France in February 2021!
According to EU law, protection of personal data is a fundamental right (as per Article 8 of the Charter of Fundamental Rights).
What is needed now is to ensure the technical ability to protect this right, as clearly the hacking enemy is at the gates and health services are under a siege that is just starting.