Details of 12,000 people were accessed by a non-authorised third party and medical records of more than 120 people deleted.

SA Health confirmed on Saturday morning the health information of 121 patients using the Digital Patient Pathways platform at the Central Adelaide Local Health Network and Southern Adelaide Local Health Network had been accessed and deleted by “an unauthorised third party” on October 16.

Personify Care, who provides the software that is used to exchange information with patients about their health care including treatment plans, began notifying affected patients Saturday morning, 12 days after the data breach.

Health and Wellbeing Minister Chris Picton defended the delay and said it was due to the evolving nature of the incident as details were only finalised on Friday.

“We have done this as soon as we possibly can to be proactive, to be transparent and to make sure we could do it as soon as the patient information had been confirmed,” Mr Picton said.

Mr Picton said that the error occurred when an encryption key was made available to the unknown third party individual or group who breached the system.

Mr Picton confirmed the affected folder contained the names and phone numbers of 12,624 CALHN patients used to invite them to the system.

SA Health Chief Executive Dr Robyn Lawrence said the incident was very disappointing, but there was no evidence the information had been taken and urged patients to not disrupt their current care.

“I would like to encourage patients, if they are users of the Personify Care interface with SA Health to not suddenly stop using it without consulting their healthcare practitioner,” Dr Lawrence said.

The breach was confirmed by independent forensic analysis, which found no data had been copied or downloaded.

Shadow Minister for Health Ashton Hurn said in response to the data breach that the Labor Government and SA Health must take all appropriate steps to ensure the integrity of its system.

“There’s nothing more sensitive than our individual medical records, so it’s incredibly concerning to learn that the records of more than a hundred South Australians were able to be tampered with – particularly off the back of the Super SA cyber attack,” Ms Hurn said.

“It will be particularly worrying for anyone who has had their medical records deleted, all efforts must be made to contact those people and try to recover that information.”

A statement released by SA Health said the private company had engaged an expert advisory firm to provide an independent assessment of the additional measures they were implementing to prevent the incident from happening again.

Personify Care Chief Executive Ken Saman issued a statement on Saturday and said the situation had been resolved and extended apologies to affected customers.

“We understand the distress this incident may have caused … and we take our responsibility for privacy and security with the utmost seriousness,” Mr Saman said.

Mr Saman said the incident was detected and corrective measure taken within two hours of its occurrence.

SA Health has appointed an independent consulting firm to co-ordinate the government’s action and response to the incident, including seeking independent legal advise regarding the continued use of the Personify Care systems.

Patients who are concerned their details have been accessed or deleted can call 08 7111 3404.

Originally published as Personify Care patient data hack ‘human error’, Health Minister Chris Picton says