3
Australian patients’ medical records could be sold on dark web after clinics’ data breach
Partnered Health says 21 of its clinics across several cities including Sydney, Melbourne and Canberra have been targeted in a data breach. Photograph: Dominic Lipinski/PA View image in fullscreen Partnered Health says 21 of its clinics across several cities including Sydney, Melbourne and Canberra have been targeted in a data breach. Photograph: Dominic Lipinski/PA Australian patients’ medical records could be sold on dark web after clinics’ data breach ‘Malicious actor’ obtains sensitive data including Medicare numbers, treatment details and pathology results in cyber-attack on Partnered Health Follow our Australia news live blog for latest updates Get our breaking news email , free app or daily news podcast Australians’ medical records and patient information could be sold on the hidden market, an expert has warned, after a cyber-attack at one of the nation’s biggest healthcare providers. Partnered Health revealed 21 clinics across several cities including Sydney, Melbourne and Canberra were affected when a “malicious actor” accessed its data on 23 June. Medical information including treatment details, consultation notes, referral letters and pathology or diagnostic results is believed to have been stolen, alongside Medicare numbers, private health insurance details, names, dates of birth, addresses and more. Patient records stolen in cyber-attack on Australian healthcare provider Read more Patients and stakeholders affected by the breach have been contacted, but a Partnered Health spokesperson told Guardian Australia it was not in its patients’ interests to publicly discuss the number of people affected. The company said it had obtained an interim injunction from the New South Wales supreme court ordering the accessed data not be used or published. While this could prevent the dataset from being released on a regular website, it was unlikely to stop it from being sold on the hidden market and dark web, the University of Melbourne information systems senior lecturer Dr Suelette Dreyfus said. Personal medical information is particularly valuable, according to Dreyfus, with reports of it selling for up to US$250 per record, compared with personal information like name and address which sell for a few cents each. “You can match it with information in other datasets, and this means the profile you’re able to build of someone is much more detailed and potentially much more dangerous to privacy,” she said. Sign up for the Breaking News Australia email “It could really disrupt a person’s life if they had a medical condition like a long-term disease – the risk is pretty substantial.” It is also possible someone may have placed an order with the attackers to target a specific company or person, she said. In 2018, the details of 1.5 million Singaporean patients were stolen , with unidentified state actors specifically targeting the country’s prime minister, Lee Hsien Loong. Unlike financial data breaches, where victims can mitigate potential damage by c