Users’ personal data “may have been improperly accessed” in HealthEngine data breach

HealthEngine, Australia’s largest online health marketplace, has notified users of a data breach after information exposed in its web page’s code “may have been improperly accessed”.

In a press release, HealthEngine CEO Dr Marcus Tan said that a “small group” of customers may have had their personal data “improperly accessed” through the company’s Practice Recognition System on its website.

According to the statement, as many as 59,600 patient feedback entries could have been accessed, although only 75 of these contained personally identifiable data.

The 75 individuals have been contacted and the breach has been reported to the Office of the Australian Information Commissioner. In the meantime, HealthEngine has removed all published patient feedback from its website. No further action is required from users.

The data breach comes just days after HealthEngine came under fire over claims it shared users’ personal information with compensation lawyers.

What can you do as an organisation?

To avoid the reputational damage and financial penalties associated with data breaches, organisations should consider ISO 27001, the international standard that describes best practice for an ISMS (information security management system).

The Standard provides a proven framework for managing information security, using an integrated set of recommended policies, procedures, documents and technology.

Protect your organisation from data breaches

IT Governance is the leading global provider of IT governance, risk management and compliance solutions. You can find out more about our services on our website.

Download our free ISO 27001 data sheet to discover:

  • How ISO 27001 can improve information security;
  • The benefits of achieving certification;
  • How the Standard works;
  • What to consider when tackling the Standard; and
  • How to overcome the initial implementation barriers.
