Audit finds Australian patient data vulnerable to cyber attacks

3 June 2019

An audit has concluded that patient data within the health system in Victoria, Australia, could easily be breached.  Victoria’s auditor general Andrew Greaves and his office were able to successfully hack into some of the state’s largest health databases, highlighting “a significant and present risk” to Australian citizens’ patient data, as stated in their report.

Auditors were able to access the restricted administration and corporate offices of all the parties examined. In some cases, they were could also gain access to areas storing critical technology infrastructure. Several of the organisations were still using default manufacturer account names and passwords on key devices such as servers, the details of which are easily available to view online.

The security infrastructure surrounding the Department of Health and Human Services and the Department of Justice and Community Safety was also investigated. This was found to be adequate but suboptimal in effectiveness due to a laissez-faire approach to safety culture. Overall, organisations were ruled to have failed to have been sufficiently proactive in taking a whole-of-hospital approach to security. All of the audited health services accepted the auditor general’s recommendations to tighten security of patient data.



Privacy Policy
We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.