On Saturday, SA Health Australia issued a press release on its official website stating that the Womens and Childrens Hospital in Australia’s fifth largest city, Adelaide, was accidentally exposed due to staff errors. Medical records and personal data of approximately 7,200 children.
According to abc.net.au
, approximately 7,200 children were leaked
online. According to reports, these data belong to the Women’s and Children’s Hospital of Australia’s SA Health. Among them, detailed information on patients who received pertussis, gastrointestinal and respiratory infections at the hospital from 1996 to 2005.
According to SA Health, the data was accessible to the public via the Internet as early as 2005, until the patient’s parents noticed the data online last Wednesday. This also means that the data has been exposed online for nearly 13 years.
Phil Robinson, head of the Women’s and Children’s Hospital, described the incident in more detail. He explained: “The patient information was included in an academic presentation on childhood infections that was posted to the WCH website in 2005. It contained embedded data with the names, date of birth and test results for around 7,200 pathology tests taken between 1996 and 2005.“
Although the site removed the report in 2016, its authors seem to have forgotten to remove the source link. Therefore, anyone can access this data through a document sharing site.
SA Health explained the incident in a press release on Saturday and described their handling of the incident. After reviewing, the IT team found that two document sharing sites, dokumen[.]tips and docslide.com[.]br, displayed this data without authorization. Currently, this data has been removed from both sites.
Phil Robinson said: “Once we are alerted to the error late Wednesday afternoon, we identified the nature of the information and contacted the website administrators who removed the presentation containing the data by Thursday afternoon. However, because the data was stored in a cache, it wasn’t completely removed from the internet until late last night.“
Phil Robinson said they have determined that the risk of leaking data involved in this incident is low. He said: “Our IT security team advise that the risk of anyone discovering the embedded information within the presentation is extremely low. We have no evidence to suggest that any of the information has been used inappropriately.“
Due to the huge amount of data involved, SA Health did not notify each affected patient one by one. It only announced the incident through a press release and expressed that it also reviewed other websites to learn about other websites.