Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
Health

Patients told to contact NT Health following privacy breach of identifiable medical records

Patients including those classed as having high and very-high clinical risk have been impacted by the breach.  (ABC News: Che Chorley)

Northern Territory Health says the onus is on individuals to check if the privacy of their medical records has been breached by the government.

On Thursday, the ABC revealed that more than 50,000 patients had their identifiable health files sent between two NT government departments in 2018 and 2019 as part of a software system upgrade.

More than 3,000 of those records were then sent to global software vendor Intersystems, which has offices in 27 countries, including in Europe, South America and China.

Some patient items were classed as having very-high or high clinical risk, such as psychology reports and psychiatric facility visits, termination of pregnancy or stillbirth records, and electroconvulsive therapy — also known as electric shock therapy — records.

Chief Minister Natasha Fyles, who was health minister at the time, never made the privacy breach public.

NT Health commissioned an incident report in 2019 to quantify the scale of data transferred. (ABC News: Randi Dahnial)

Richard Buckland, professor of cybercrime at the University of New South Wales, has told the ABC the government should reach out to people impacted.

In a statement to the ABC, NT Health said if people were concerned, they should contact the department's information and privacy unit.

The department said the identifiable data was deleted following the breach, and internal controls were strengthened to minimise the chance of a reoccurrence.

'There's nothing you can do'

Cyber security expert Dr Vanessa Teague said people impacted couldn't realistically do anything that would help their predicament.

"I'm very sorry, but there's nothing you can do," she told ABC Radio Darwin.

Vanessa Teague says there are lack of consequences for data beaches. (ABC News: Kyle Harley)

"This is why we need better privacy laws, because after somebody has irresponsibly … on-shared your data, there's nothing you can do.

"That's why it's so important to have better privacy laws."

She said Northern Territory laws needed to be updated to "punish the people" who undertake "irresponsible practices" with personal data.

"I don't think there's an alternative to stronger regulation," she said.

"Because unless people have an incentive to give a damn, this kind of thing is going to keep happening."

The NT's Shadow Health Minister Bill Yan said the public should have been notified about the data incident.

"We have been asking Natasha Fyles for years in [budget] estimates about the Acacia [software] system and she has been … telling us there were no issues," he said.

"[She] must front up … and answer some very serious integrity questions."

Department of Corporate and Digital Development acting chief executive Chris Hosking sought to downplay the privacy breach.

"The majority of these files were aggregated in our secure IT environment and stored in a place that only appropriately authorised people had permissions to access them," he told ABC Radio Darwin.

"There would have been a small number of Intersystems people who were part of those technical teams, people who are under confidentiality obligations as part of their contractual requirements, who were working on those templates to configure them as new screens in the system."

NT Health chief executive Marco Briceno admitted there had been a breach of protocol.

"We shouldn't have sent the information the way it was."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.