WA patient records leaked online

By Dylan Bushell-Embling
Wednesday, 22 July, 2020

Confidential medical data on a number of Western Australian residents has been leaked online by what is believed to be a teenage culprit.

More than 400 pages worth of confidential data from WA Health has been posted to a public facing website after being distributed over a paging service operated by Vodafone.

The leaked records are primarily messages between WA Health officials and doctors, including messages related to the state’s management of the COVID-19 crisis.

Premier Mark McGowan has been quoted as attributing the attack to a “person under the age of 16”, who is believed to have built software that intercepted the pager messages and automatically posted them online.

In a statement, Vodafone said it had shut down the pager network within hours of being made aware of a website illegally publishing information intercepted from it. The company said paging networks send messages using legacy radio technology.

“We encourage customers not to use paging services to send sensitive information,” the company said.

The company added that it has referred the matter to both the federal and WA police.

In its own statement, WA Health said it is “dismayed that confidential information may have made it into the public domain”.

A review of the department’s own data systems, as well as those of the Health Support Services (HSS) shared service centre, found no indication there has been a breach of health data sources, according to the statement.

The department’s acting director-general Angela Kelly told the ABC that the department has stopped using pager services altogether, admitting that there is “no way that any sensitive or personal information should be communicated on an unsecure system”.

The Office of the Australian Information Commissioner has announced it is making “urgent preliminary inquiries” about the circumstances surrounding the breach.

While the federal office does not have jurisdiction over WA state government departments, the Federal Privacy Act covers private health providers as well as organisations with an annual turnover of more than $3 million.

WA Shadow Minister for Public Sector Integrity Tjorn Sibma has meanwhile called on the government to investigate how the breach happened and make steps to ensure it does not happen again.

Image credit: ©stock.adobe.com/au/pixelrobot