Australian Health Department Accidentally Lleaks 2.9 Million Patients Records

The data included medical treatment and terminated pregnancies.

Fasten Inadvertently Leaks 1 Million Users' Sensitive Data

The Australian Department of Health has revealed that they recently disclosed private details of the public unknowingly. The Ministry gaffe saw data such as the type of medication, surgeries, pregnancy terminations, and medical health treatment being revealed. According to reports, the data was released in August 2016 by the Medicare Benefits Scheme and Pharmaceutical Benefits Scheme.

Apparently, the released data was supposed to be anonymized but the ministry had made a mistake in that regard. The data also showed the billing records of Australians going as far back as 1984 up-to 2014. However, after releasing the data, researchers at the University of Melbourne discovered that the data could be traced back to individuals. This was possible even without the use of decryption techniques. All the attacker needs in such cases would be informed of the patient such as the date of birth.

Dr Chris Culnane, one of the chief conductors of the study, said that they discovered it was easy to see the patient’s details by linking unknown information with that which was already known. Dr Culnane conducted the study together with Dr Benjamin Rubenstein and Dr Vanessa Teague. Dr Culnane also said that these kinds of mistakes showed the risks shown by data sharing.

After being notified by researchers that the data they released could be used to identify patients, the government moved swiftly to remove the public records. The researchers had gone as far as identifying the medical records of at least seven prominent Australian figures. Of the seven, three are of former or current Australian MPs and one was of an Australian Football League player.

Dr Rubenstein said that even though there were some cases with inaccuracies, they could cross reference other data to narrow it down. He went on to note that because only 10 percent of the population had been targeted, they could easily be mistaken with someone who was not in the records. However, to rectify this, the researchers would cross reference with an Australian wide billing record. They also used bank statements records to cross-reference.

Dr Teague added that the act of releasing data such health records and tax records was risky. The project, which he said is mainly meant to protect individual privacy and at the same time publicize it, is bound to fail.

After being contacted for comment, the Health Department said that fortunately there were no bad actors involved. No one was identified after the data release, and they had managed to get everything under control. A spokesman said that the plan had been halted, and the dataset was not being released anymore. The spokesman also went on to clarify that the government was working with the University of Melbourne to brainstorm ideas on how best they could tackle the issue.

The Greens digital rights spokesperson, Senator Jordon Steele-John said that the breach was one of a grandest scale.