register

News & Trends - MedTech & Diagnostics

Pioneering legal action to set precedent for stringent cybersecurity standards in healthcare

Health Industry Hub | November 6, 2023 |

MedTech & Diagnostics News: The Australian Information Commissioner (AIC) has launched civil proceedings against the pathology services provider, Australian Clinical Labs, following a major data breach of its subsidiary, Medlab Pathology, that compromised the sensitive personal information of over 223,000 patients and staff members. The breach, which occurred between May 26, 2021, and September 29, 2022, resulted in the theft of health records and credit card data, casting a shadow of concern over the organisation’s cybersecurity practices.

The AIC filed the lawsuit in the Federal Court of Australia, alleging that pathology provider Australian Clinical Labs had inadequate cybersecurity measures in place to protect the personal information it held. The breach exposed 17,539 medical and health records, 28,286 credit card numbers, and a staggering 128,608 Medicare numbers.

AIC Commissioner Angelene Falk emphasised the importance of organisations safeguarding the information they possess, stating “Organisations are responsible for protecting the information they hold, including effectively managing cybersecurity risk. We consider that ACL failed to take reasonable steps to protect personal information it held for an organization of its size with its resources, and considering the nature and volume of the sensitive personal information it handled.”

Commissioner Falk further criticised Australian Clinical Labs for its delayed notification of the data breach. She added “As a result of their information being on the dark web, individuals were exposed to potential emotional distress and the material risk of identity theft, extortion, and financial crime.”

Australian Clinical Labs generated a substantial revenue of $995.6 million in the financial year ending June 2022. Despite the legal action, the company has voiced its commitment to defending against the AIC’s claims and stands firm on the robustness of its cybersecurity systems.

The AIC’s legal action also alleges that Australian Clinical Labs failed to carry out an adequate assessment of whether the Medlab incident represented an eligible data breach within 30 days, as required by the Privacy Act. According to the Privacy Act, an eligible data breach occurs when there is unauthorised access, disclosure, or loss of personal information held by an organization or agency.

The news of these legal proceedings against Australian Clinical Labs comes in the wake of the Australian Cyber Security Centre’s discovery of multiple vulnerabilities in Atlassian’s Confluence Data Centre and Server product. Described as an improper authorisation vulnerability affecting the server software, this discovery raises concerns regarding data security in the broader digital landscape.

The Privacy Act includes 13 legally binding Australian Privacy Principles (APPs) applicable to organisations and government agencies covered by the Privacy Act (APP entities). The Federal Court can impose a civil penalty of up to $2.2 million for each contravention of section 13G.

The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, enacted in December 2022, has introduced significantly higher civil penalties of $50 million for serious privacy breaches. However, these new penalties will not apply to the AIC’s proceedings against Australian Clinical Labs, given that the alleged conduct occurred before the updated penalty provisions came into effect.

In response to the Privacy Act review report, the Australian Government has agreed to amend section 13G of the Privacy Act to clarify that a “serious” interference can include repeated interferences with privacy. Additionally, they have proposed introducing new mid-tier civil penalty provisions to address privacy breaches that do not meet the threshold of being “serious” and implementing low-level civil penalty provisions for specific administrative breaches of the Privacy Act and APPs, along with infringement notice powers for the OAIC.

As the legal case against unfolds Australian Clinical Labs, it remains to be seen how the case against Australian Clinical Labs will progress and whether it will set a precedent for stringent data protection measures and accountability within the healthcare sector.

In reimagining healthcare, Health Industry HubTM is the ONLY one-stop-hub uniting the diversity of Pharma, MedTech, Diagnostics & Biotech sectors to inspire meaningful change. The exclusive leadership and influencer podcasts and vodcasts offer unparalleled insights and add immense value to our breaking news coverage.

The Health Industry HubTM content is copyright protected. Access is available under individual user licenses. Please click here to subscribe and visit T&Cs here.


News & Trends - MedTech & Diagnostics

Government's rejection of COVID Royal Commission a stark contrast to the UK and NZ

Government’s rejection of COVID Royal Commission a stark contrast to the UK and NZ

Health Industry Hub | September 20, 2024 |

The Albanese government has dismissed the Senate legal and constitutional committee’s proposal for a COVID-19 pandemic royal commission with one […]

More


News & Trends - Biotechnology

AusBiotech and MTPConnect Unite for Landmark Summit on Australia’s Biotech and Medtech Future

AusBiotech and MTPConnect unite for landmark Summit on the nation’s biotech and medtech future

Health Industry Hub | September 20, 2024 |

AusBiotech and MTPConnect have announced an ambitious new collaboration to host Australia’s first National Biotech and Medtech Development and Commercialisation […]

More


ESG

Wear It Red Day ignites national movement for chronic pain recognition, demanding voices be heard

Wear It Red Day ignites national movement for chronic pain recognition, demanding voices be heard

Health Industry Hub | September 20, 2024 |

Today marks the first ever national Wear It Red Day. An initiative of Painaustralia, the national peak advocacy body for […]

More


News & Trends - Pharmaceuticals

Targeted therapy with Astellas’ Xtandi improves prostate cancer outcomes for Aussie patients

Targeted therapy with Astellas’ Xtandi improves prostate cancer outcomes for Aussie patients: New study

Health Industry Hub | September 20, 2024 |

Pharma News: New research from the led by the Australian and New Zealand Urogenital and Prostate Cancer Trials Group (ANZUP) […]

More


This content is copyright protected. Please subscribe to gain access.