An audit has concluded that patient data within the health system in Victoria, Australia, could easily be breached. Victoria’s auditor general Andrew Greaves and his office were able to successfully hack into some of the state’s largest health databases, highlighting “a significant and present risk” to Australian citizens’ patient data, as stated in their report.
Auditors were able to access the restricted administration and corporate offices of all the parties examined. In some cases, they were could also gain access to areas storing critical technology infrastructure. Several of the organisations were still using default manufacturer account names and passwords on key devices such as servers, the details of which are easily available to view online.
The security infrastructure surrounding the Department of Health and Human Services and the Department of Justice and Community Safety was also investigated. This was found to be adequate but suboptimal in effectiveness due to a laissez-faire approach to safety culture. Overall, organisations were ruled to have failed to have been sufficiently proactive in taking a whole-of-hospital approach to security. All of the audited health services accepted the auditor general’s recommendations to tighten security of patient data.