NewsBite

Advertisement

This was published 1 year ago

QIMR apologises after skin cancer study patients’ data leaked

By Stuart Layt

A data hack has exposed the details of more than 1000 people who participated in a major skin cancer study but the Brisbane-based medical institute insists no other studies are at risk.

Hackers compromised QIMR Berghofer medical research institute’s data in November 2022, accessing information collected by data company Datatime, retained by QIMR.

It has been confirmed 1128 people who gave information to Datatime were affected, with their names, addresses and Medicare numbers believed to have been obtained.

Professor David Whiteman, who runs QSKIN, Australia’s largest skin cancer study at QIMR, said they had been advised to contact people affected directly, rather than make a public announcement in November about the breach.

He stressed the hack had targeted Datatime rather than QIMR, and the medical data of the thousands of other participants in QSKIN and other QIMR studies had not been breached.

“The information that has been potentially breached was on a contractor’s server,” he said.

“We use those people because they have the expertise to gather and process the survey data.”

In a statement, QIMR said it was “extremely sorry” about the breach and that it took such matters seriously.

Whiteman defended the decision not to go public with the leak until a media report by the ABC revealed it, as QIMR continued recruiting for QSKIN and other studies.

Advertisement

“Other studies are not using that contractor, so that is not relevant to those studies,” he said.

Datatime was provided with the names and addresses of about 10,000 people by QIMR to contact for participation in QSKIN.

Loading

The 1128 people affected were the ones who completed a survey sent to them, although no genetic or other detailed medical data was believed to have been involved.

Datatime reportedly notified all relevant government departments of the breach as soon as it became aware of it.

The timing of the breach put it about the same time as other high-profile hacks late last year, including data breaches at telecommunications provider Optus and private health fund Medibank.

QIMR was previously caught up in the international Accellion data breach in 2021, although in that case no identifiable patient data was taken.

Most Viewed in National

Loading

Original URL: https://www.watoday.com.au/national/queensland/qimr-apologises-after-skin-cancer-study-patients-data-leaked-20230320-p5ctm5.html