Tasmania Health Data Breach Sees Patient HIV Status Published Online

A massive data breach has been revealed at Tasmania’s Health department, with reports that any person who called the State’s ambulance services since November 2020 have had their personal details posted publicly online. The data posted include people’s HIV status, gender, age and addresses, the ABC reported. 

The breach occurred in Ambulance Tasmania’s paging system, with the state Health Department now referring the matter to Tasmanian Police. There are fears that the privacy breach would leave vulnerable persons open to discrimination and stigma. 

26,000 Pages Of Information

“Over 26,000 pages of pager messages have been published, including patients’ condition, personal details, addresses, HIV status, gender and age,” Health and Community Services Union Tasmania, posted on its Facebook page.

According to the reports, since November anyone who called Ambulance Tasmania have had their private information published publicly online. 

State Health Minister Sarah Courtney said that while the matter was being investigated, access to the website that posted the private information had been blocked.

“Appropriate steps have been taken by Ambulance Tasmania to limit the transmission of postal information via the paging system, balanced against the need to ensure patient and staff safety in responding to incidents in paramount,” said the minister.

“It is my understanding that the access to the site has been blocked. This is an extremely concerning matter that will be further investigated. However I would like to reassure the Tasmanian community that it is safe to call 000 in an emergency, and we have taken steps to safely respond to this situation.”

 The opposition Labor doubted the health department’s claim that they had come to know about the issue only on Friday and asked the government to “come clean” about it. 

‘Horrifying’ data breach

“To think the personal details including the names, health condition and addresses of patients who have called for an ambulance since November are online for all to see is just horrifying,” Shadow Minister for Ambulance Services Sarah Lovell said in a statement. 

“To be in a situation where you’re calling an ambulance in the first place is distressing enough, but then to have your personal details posted and kept up online for all this time is too much,” added Lovell. 

HACSU secretary Tim Jacobson said that the data breach was unbelievable. “If I were a patient I’d be upset, I’d be concerned, and I would want to know immediately both what the Government has done about closing off this but also what the Government’s now doing or likely to do to address any real breaches of privacy for those patients.”

Digital rights advocate Justin Warren questioned on Twitter about the handling of patient data.  “Perhaps the various health departments could explain why they’re broadcasting unencrypted patient info over wide geographic areas for anyone to listen to?”

https://twitter.com/jpwarren/status/1347401093592961024

In July 2020, a similar breach had occurred in Western Australia, with the health department confirming that private patient information distributed over a third-party paging service was published online. 

If you feel distressed reading the story, you can reach out to support services.

For 24 hour crisis support and suicide prevention call Lifeline on 13 11 14

For Australia-wide LGBTQI peer support call QLife on 1800 184 527 or webchat.