e-Health Ready

Notifiable Data Breaches, OAIC: Human Error & Cyber Security Issues

By Yianni Serpanos | Aug 01, 2018

Well it’s been an interesting year for security & privacy in healthcare & health-tech.

We hear about it from well intentioned consultants/ advisers in advance, but it takes time for small businesses to react to things they know and understand, let alone things they don’t (e.g. cyber security & privacy as a culture).

We’ve been building a community of advisers at coreplus for some time and one of the key reasons is that we recognize how important it is for healthcare businesses to embrace knowledge, processes and systems that deal with the business side of things in a better way and specific to the laws of Australia.

I strongly encourage you to build a team of advisers around your business that represent skills/ capabilities that YOU don’t have or are not strong at.

Such skills could be book keeping, tax, cash-flow management, marketing, referral management amongst other things as well as security and/ or privacy.

This blog is focused on some recent statistics issued by the OIAC (Office of Australian Information Commissioner).

So let’s look at some insights:

Notifiable Data Breach: June Quarter 18: Executive Summary


Of the 242 notifications system faults where minimal and related to systems outside of the healthcare industry e.g. financial technology.

Key Insight: Security & Human Error represented the majority of breaches.

Let’s take a look in more detail:

Chart 1.1 — Number of data breaches reported under the Notifiable Data Breaches scheme by month — All sectors

chart1.1 – Number of data breaches reported: month by month since January 2018 under the Notifiable Data Breaches scheme.


Naturally there’s a trend upward given the scheme on recently came into play.

I would expect this to continue growing as more Australian’s become aware of the scheme and inform businesses they are interacting with that they have experienced a breach.

This of course is in addition to companies under the scheme self reporting when they become aware of breaches through internal processes.

Chart 1.2 — Number of individuals affected by data breaches in the quarter — All sectors

Number of individuals affected – All sectors.


This graph shows 63% of breach events affected small groups of less than 100 people.

Chart 1.3 — Kinds of personal information involved in data breaches by number of notifications — All sectors

NB: Data breaches may involve 1 or more kinds of personal information.


Although this graph shows 25% of breaches specifically related to health information as defined by section 6FA of the Privacy Act 1988 (Cth), other information is more prevalent when breaches have occurred e.g. contact, financial & identity.

Chart 1.4 — Malicious or criminal attack breakdown — All sectors


Malicious or criminal attacks were the largest source of data breaches this quarter, accounting for 59 per cent.



Ensuring you have tight security to the outside world is always good advice, but how do you deal with theft of paperwork or data storage devices?

Essentially this is a case for using products like coreplus where data is stored offsite, electronically and available to you as and when needed using secure log in credentials and two factor authentication (2FA).

Key Observation: If a breach is likely to occur, Client files stored in paper form or on portable hard drives/ pc’s most likely to result in theft and/ or cyber incident.

Here’s what cyber incidents looked like across the breaches reported:

Chart 1.7 — Cyber incident breakdown — All sectors


The majority of cyber incidents linked to credentials compromised.


These statistics really demonstrate that the security policies and cultural adoption of the policies within your practice can really make a difference.  Brute Force Attacks should be easy to protect against by using stronger passwords and password management.

If you want some guidance here, check out products like Dashlane or similar which do a great job in allowing you to apply long, complicated passwords without even having to remember them all.  This means you can make a real difference to the risks of being breached by having a unique password for everything you need a password for.  Feel free to contact our Customer Success Team for more information using your in-product direct messaging application.

I won’t bang on about it further as the report goes on into more and more detail.

If you have a further interest see the OAIC’s using the link provided.

I’m planning a further review of the Top 5 Sectors affected as Health service providers is Number 1 in terms of number of data breaches received and I’m interested in what we’ll take from those statistics.  Looking forward to sharing some more insights and responding to any thoughts/ comments you have.


Recent Stories


Transform your audiology practice with coreplus’ NEW Hearing Services Program integration

Welcome to the future of audiology practice management! coreplus is excited to introduce our latest… Read More

By Diana Younan | Dec 05, 2023


Extend the impact of your therapy sessions with the help of Theratrak, our newest Add On partner

Did you know that research suggests that the minute a patient walks out the door,… Read More

By Enzemam Moeen | Aug 17, 2022


How to Improve Success of Telehealth for Clients and Clinics

Clinics and clients both stand to benefit from telehealth services, but only when done correctly…. Read More

By Diana Younan | May 30, 2022

Subscribe to a weekly dose of coreplus news