NewsBite

7000 patient records from Women’s and Children’s hospital exposed online in embedded data

MORE than 7000 Women’s and Children’s Hospital patients records were exposed online in a huge data bungle.

Simeon Thomas-Wilson
2 min read
August 4, 2018 - 4:20PM
Patient records from the Women’s and Children’s Hospital were exposed online until the breach was discovered and closed on Friday night.
Patient records from the Women’s and Children’s Hospital were exposed online until the breach was discovered and closed on Friday night.

MEDICAL records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches.

Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online as part of an academic presentation on childhood infections posted to the hospital website in 2005.

Executive director of corporate services Phil Robinson said the data was present upon a click of a graph.

He said SA Health was informed of the leak on Wednesday after a parent of one of the people named found the document on Google and made a complaint to the Health and Community Services Complaints Commissioner.

“We are conducting a complete review of all SA Health websites to find out if this has happened anywhere else,” Mr Robinson.

“We have set up a 24-hour information hotline for anyone who may have concerns about it.”

The test results related to patients who were treated at the hospital for respiratory infection, gastro or whooping cough and were included in a presentation by a clinician who no longer works for SA Health.

It was on the hospital website from 2005 to 2016 before being removed, but had also been uploaded to two external document sharing sites.

The personal data has since been removed from the sites, but the presentation still remains on four file sharing sites but not with the embedded patient data.

Mr Robinson said it was not known whether anyone actually accessed the embedded data, but the presentation had been accessed more than 300 times.

“Whether they would have thought to press the button on the power point, I would think that would be unlikely,” he said.

“There will be an instruction given to all SA Health staff … that data is not linked to presentation.”

Mr Robinson said it was in no way related to the $2 billion My Health Record that has many concerned about potential data breaches.

Privacy Foundation health committee chair Bernard Robertson-Dunn said it showed just how big of a risk there was with health data being leaked.

“You can’t really prevent something like this from happening again,” he said.

“They should have taken better care of it.”

Opposition health and wellbeing spokesman Chris Picton said it was good to see that SA Health took immediate action to fix the issue.

“Personal health data must always be dealt with in the utmost care,” he said.

“It is important that SA Health also check there haven been no other similar issues across other hospitals.”

Anyone with concerns can call an information line on 8155 5654.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.adelaidenow.com.au/news/south-australia/7000-patient-records-from-womens-and-childrens-hospital-exposed-online-in-embedded-data/news-story/0281a9d60187959db721ffefc9dac5c8