A cybersecurity expert has called for organisations to develop better policies and secure technology to protect personal data.
The personal details of patients at a major Melbourne hospital have been compromised after cybercriminals hacked a staff member’s private email.
The breach has prompted a call from a Melbourne cybersecurity expert for organisations to develop better policies and secure technology to protect personal data.
Professor Monica Whitty, head of the Department of Software Systems and Cybersecurity at Monash University’s Faculty of Information Technology, said the case demonstrated the need for workplaces to develop policies and secure technology that understood and acknowledged how employees behaved while accessing their organisation’s online networks.
“Research shows that these ‘accidental insiders’ – employees who accidentally expose data or create vulnerabilities in their cyber workspace – do not have bad intentions towards an organisation, and when they find security workarounds it is often because they are committed employees who want to do their jobs effectively,” she said.
“This is primarily because often, technological security systems seem to pose delays and prevent productivity or efficiency in the workplace.
“The COVID pandemic opened up new ways of working, for example working from home; however, industries need to enable employees to adopt different working styles while ensuring their information systems are secure.”
The Herald Sun reported that the Royal Women’s Hospital (Melbourne) apologised to 192 patients last night after an investigation revealed their personal details were potentially stolen by the hackers.
“(We are) very sorry to advise of a recent incident where cybercriminals gained access to the private email account of a staff member,” a hospital spokesman said in a statement.
“We are taking this matter very seriously and apologise sincerely for any distress and inconvenience caused to affected patients.”
The breach reportedly occurred when an employee forwarded work emails to their private email account to review and co-ordinate their patient appointments.
The staff member’s private email was later hacked by cybercriminals and some of the patients’ personal details may have been accessed, the Herald Sun reported.
A forensic investigation was conducted by cybersecurity experts and the majority of the affected patients were notified yesterday morning. The remainder will be notified by registered mail.
The hospital released a statement assuring patients that medical records were not accessed and that the hospital’s official information systems were not hacked.
“The Women’s is thoroughly investigating the attack and has put in place actions to ensure that affected patients receive accurate information and adequate support,” the statement said.