Data Breach At Women’s and Children’s Hospital Exposed Children’s Records Online

Here comes a report about another health data breach that this time has affected Australian citizens. The Womens and Childrens Hospital in Adelaide, Australia, exposed children’s data online for about 13 years. The hospital came to know about the incident after a victim’s parent noticed the data online.

Womens and Childrens Hospital Leaked Children’s Data Online

In a recent medical data breach, the data of around 7200 children were exposed online. Reportedly, the data belonged to the Women’s and Children’s Hospital. It included the patients’ details who received treatment at the hospital for whooping cough, gastro, and respiratory infections between the years 1996 and 2005. Since 2005, the hospital’s website exposed the data online, which marks a breach of around 13 years.

Phil Robinson, Women’s and Children’s Executive Director of Corporate Service, explained more about the breach by saying,

“The patient information was included in an academic presentation on childhood infections that was posted to the WCH website in 2005. It contained embedded data with the names, date of birth and test results for around 7,200 pathology tests taken between 1996 and 2005.”

Although the website removed the presentation in 2016, the authors forgot to remove the source link. Hence, anyone could access the data via document sharing sites.

The matter came to the notice of SA Health on Wednesday. A parent found the data while searching his child’s name on Google, and reported to SA Health.

SA Health Confirmed Removal Of Data

SA Health released a media statement on Saturday, explaining their role in resolving the matter. They conducted a review after which the two data sharing websites, dokumen.tips and docslide.com.br, that displayed the data without authorization, removed the data.

“Once we are alerted to the error late Wednesday afternoon, we identified the nature of the information and contacted the website administrators who removed the presentation containing the data by Thursday afternoon. However, because the data was stored in a cache, it wasn’t completely removed from the internet until late last night.”

They also confirm ‘low risks’ of anyone discovering the information from the data file. As stated by Phil Robinson,

“Our IT security team advise that the risk of anyone discovering the embedded information within the presentation is extremely low. We have no evidence to suggest that any of the information has been used inappropriately.”

SA Health has not informed individual victims owing to the enormity of the records. Yet, they apologize to those affected for the breach. Moreover, they are also conducting a review of other SA Health websites to know if a similar incident has happened anywhere else.

Let us know your thoughts in the comments section.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients