7200 Women’s and Children’s Hospital patient records, test results exposed online for 13 years

Exploit: Negligence.
Risk to Small Business: High: The sensitive nature of the data exposed as well as the scope of the breach will cost the organization the trust of its customers and could possibly result in hefty fines.
Individual Risk: High: The data exposed by the organization could be extremely useful for bad actors to impersonate them, in addition to the high value of personal medical information on the Dark Web.
The Women’s and Children’s Hospital: An Adelaide based health care facility that provides treatment for women, babies and children.
Date Occurred/Discovered: Occurred over the last 13 years
Date Disclosed: August 6, 2018
Data Compromised:  

  • Names
  • Date of birth
  • Test results

Customers Impacted: 7,200 individuals.

The Women’s and Children’s Hospital in Adelaide, Australia, accidentally exposed thousands of children’s patient records, test results and other confidential information online for about 13 years. Patients who were treated at the hospital for whooping cough, gastro and respiratory infections between 1996 and 2005 were impacted in the breach.

The sensitive information was found embedded in a PowerPoint presentation on infectious diseases and published on the hospital’s website back in 2005. Exposed data included the names, dates of birth and test results of more than 7200 children

The hospital didn’t even realise

A Parent who searched for their child’s name online, found the presentation and immediately alerted authorities, SA Health has announced that the presentation was downloaded and view more than 300 times, But nobody will ever know how many copies were saved and accessed by people with malicious intent