Northern Territory Health says the onus is on individuals to check if the privacy of their medical records has been breached by the government.
On Thursday, the ABC revealed that more than 50,000 patients had their identifiable health files sent between two NT government departments in 2018 and 2019 as part of a software system upgrade.
More than 3,000 of those records were then sent to global software vendor Intersystems, which has offices in 27 countries, including in Europe, South America and China.
Some patient items were classed as having very-high or high clinical risk, such as psychology reports and psychiatric facility visits, termination of pregnancy or stillbirth records, and electroconvulsive therapy — also known as electric shock therapy — records.
Chief Minister Natasha Fyles, who was health minister at the time, never made the privacy breach public.
Richard Buckland, professor of cybercrime at the University of New South Wales, has told the ABC the government should reach out to people impacted.
In a statement to the ABC, NT Health said if people were concerned, they should contact the department's information and privacy unit.
The department said the identifiable data was deleted following the breach, and internal controls were strengthened to minimise the chance of a reoccurrence.
'There's nothing you can do'
Cyber security expert Dr Vanessa Teague said people impacted couldn't realistically do anything that would help their predicament.
"I'm very sorry, but there's nothing you can do," she told ABC Radio Darwin.
"This is why we need better privacy laws, because after somebody has irresponsibly … on-shared your data, there's nothing you can do.
"That's why it's so important to have better privacy laws."
She said Northern Territory laws needed to be updated to "punish the people" who undertake "irresponsible practices" with personal data.
"I don't think there's an alternative to stronger regulation," she said.
"Because unless people have an incentive to give a damn, this kind of thing is going to keep happening."
The NT's Shadow Health Minister Bill Yan said the public should have been notified about the data incident.
"We have been asking Natasha Fyles for years in [budget] estimates about the Acacia [software] system and she has been … telling us there were no issues," he said.
"[She] must front up … and answer some very serious integrity questions."
Department of Corporate and Digital Development acting chief executive Chris Hosking sought to downplay the privacy breach.
"The majority of these files were aggregated in our secure IT environment and stored in a place that only appropriately authorised people had permissions to access them," he told ABC Radio Darwin.
"There would have been a small number of Intersystems people who were part of those technical teams, people who are under confidentiality obligations as part of their contractual requirements, who were working on those templates to configure them as new screens in the system."
NT Health chief executive Marco Briceno admitted there had been a breach of protocol.
"We shouldn't have sent the information the way it was."