Australia's private private health sector has become a prime target for data hacks

Theo Heimann/Getty Images
  • 242 notifications of data breaches were sent to the Office of the Australian Information Commissioner in the June quarter.
  • Malicious or criminal attacks were reported in 59% of cases.
  • The majority of malicious or criminal breaches reported were cyber incidents.

The private health sector is the top sector for reporting data breaches, according to the Office of the Australian Information Commissioner (OAIC).

However, the commissioner notes that the latest breaches don’t relate to the My Health Records system which is facing criticism because that data will be available for police, and other authorities such as the Australian Tax Office, to access without a warrant.

In the three months to June, the private health sector made 49 notifications of data breaches. Next was the finance sector with 36 notifications.

Overall the Office of the Australian Information Commissioner received 242 notifications under the Notifiable Data Breaches scheme for the quarter.

Since the scheme started in February this year, the OAIC has received 305 notifications in total.

The quarterly report shows that the main causes of data breaches are malicious or criminal attacks.

Attacks included cyber incidents such as phishing, malware, ransomware, brute-force attack, compromised or stolen credentials and hacking by other means, as well as social engineering or impersonation and actions taken by a rogue employee or insider threat.

Theft of paperwork or storage devices was a significant source of malicious or criminal attacks.

Source: Notifiable Data Breaches Quarterly Statistics Report

Most data breaches involved the personal information of 100 individuals or fewer.

However, in one case the confidential information of more than 1 million people was put at risk.

The only hack which fits this is the PageUp data breach which exposed recruitment records, and those of job seekers, at major Australian companies.

Both the OAIC and the company PageUp have refused to provide an overall number of the people affected by the hack.

The majority of data breaches involved contact information such as home address, phone number or email address.

Here are the kinds of personal information involved in data breaches:

Source: OAIC

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.