63 data breach reports filed in Q1
There were 63 notifiable data breach reports filed since the mandatory reporting scheme was introduced in late February and until the end of March, according to the Office of the Australian Information Commissioner (OAIC).
Of the total, the largest proportion of breaches reported to the OAIC came from the healthcare sector (15), followed by legal, accounting and management services (10), the finance sector (8), education (6) and charities (4).
The large majority (78%) of data breaches covered contract information, such as a customer’s name email address, home address or phone number.
One in three data breaches included health information, 30% covered financial details such as bank account or credit card numbers and 24% exposed identity information such as tax file numbers.
Human error was to blame for the slight majority (32) of data breaches, but almost as many (28) involved malicious or criminal attacks.
Meanwhile 73% of data breaches reported involved the personal information of under 100 individuals, with just over half involving fewer than 10 individuals. But three breaches affected between 10,000 and 99,999 individuals and a further three involved between 1000 and 9999.
Mimecast Principal Technical Consultant Garrett O’Hara commented that it’s no surprise that healthcare information is over-represented in the statistics. “Healthcare organisations face unique challenges in coordinating care among many internal and external parties, while needing to maintain strict compliance of protected health and patient information,” he said. “One of the issues with the health sector is the reliance on legacy systems. During the WannaCry ransomware attack last year, the prevalence of older unpatched Window systems left organisations vulnerable to attacks.”
O’Hara added that in the face of the growing prevalence of data breaches it is essential that organisations have a cyber resilience strategy in place that covers patch management, application whitelisting, cloud email protection and cybersecurity awareness training.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...
