Yet another Australian health data base compromised

The Age, 20 February 2019:

A cyber crime syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital and demanded a ransom.

The attack is now the subject of a joint investigation by Commonwealth security agencies.

Melbourne Heart Group, which is based at the private hospital in Malvern, has been unable to access some patient files for more than three weeks, after the malware attack crippled its server and corrupted data.

The malware used to penetrate the unit's security network is believed to be from North Korea or Russia, while the origin of the criminals behind the attack has not been revealed.

The online gang responsible for the data breach demanded a ransom be paid in cryptocurrency before a password would be provided to break the encryption.

The Age understands that a payment was made, but some of the scrambled files have not been recovered, among them patients' personal details and sensitive medical records that could be used for identity theft.

Some patients were told that their files had been lost but were not given any explanation. Others have turned up for appointments for which the hospital had no record.

The Australian Cyber Security Centre, which is part of the Australian Signals Directorate – the government agency responsible for Australia's cyber warfare and information security – said it was assisting the hospital with cyber security advice.

The Australian Federal Police has also been briefed.

A Melbourne Heart Group spokeswoman said it was working with government agencies to resolve the issue.

Australian Royal Commission into Aged Care Quality and Safety now underway

Commencing in 2016-17 when Australian Prime Minister and Liberal MP for Cook Scott Morrison was then just the Federal Treasurer he cut $472.4 million from Aged Care funding over four years, then followed that up with a $1.2 billion cut over the same time span.

When deteriorating conditions in nursing homes around the country began to be reported in the media and the Oakden scandal came to light in 2017, concerned citizens began to call for a royal commission.

The Liberal Minister for Aged Care and Liberal MP for Hasluck Ken Wyatt was of the opinion that such an inquiry would be “a waste of time and money”.

Once Scott Morrison realised that ABC Four Corners was about to air an exposé on aged care provision he quickly changed his mind and announced the Royal Commission into Aged Care Quality and Safety on 16 September 2018.

www.agedcare.royalcommission.gov.au:

The Royal Commission into Aged Care Quality and Safety was established on 8 October 2018 by the Governor-General of the Commonwealth of Australia, His Excellency General the Honourable Sir Peter Cosgrove AK MC (Retd).

The Honourable Richard Tracey AM RFD QC and Ms Lynelle Briggs AO have been appointed as Royal Commissioners…

The Commissioners are required to provide an interim report by 31 October 2019, and a final report by 30 April 2020…

The Commissioners were appointed to be a Commission of inquiry, and required and authorised to inquire into the following matters:

a.    the quality of aged care services provided to Australians, the extent to which those services meet the needs of the people accessing them, the extent of substandard care being provided, including mistreatment and all forms of abuse, the causes of any systemic failures, and any actions that should be taken in response;

b.    how best to deliver aged care services to:

                i.        people with disabilities residing in aged care facilities, including younger people; and

               ii.        the increasing number of Australians living with dementia, having regard to the importance of dementia care for the future of aged care services;

c.    the future challenges and opportunities for delivering accessible, affordable and high quality aged care services in Australia, including:

                i.        in the context of changing demographics and preferences, in particular people's desire to remain living at home as they age; and

               ii.        in remote, rural and regional Australia;

d.    what the Australian Government, aged care industry, Australian families and the wider community can do to strengthen the system of aged care services to ensure that the services provided are of high quality and safe;

e.    how to ensure that aged care services are person‑centred, including through allowing people to exercise greater choice, control and independence in relation to their care, and improving engagement with families and carers on care‑related matters;

f.     how best to deliver aged care services in a sustainable way, including through innovative models of care, increased use of technology, and investment in the aged care workforce and capital infrastructure;

g.    any matter reasonably incidental to a matter referred to in paragraphs (a) to (f) or that [the Commissioners] believe is reasonably relevant to the inquiry.

A preliminary hearing was held in Adelaide on 18 January 2019.

At this hearing the Commissioner Tracy stated in part:

The terms direct our attention to the interface between health, aged care and disability services in urban, regional and rural areas. These issues necessarily arise because of Australia’s changing demography. We are also required to look at young people with disabilities residing in aged care facilities and do our best to deliver aged care services to the increasing number of Australians living with dementia. Part of our task is to examine substandard care and the causes of any systemic failures that have, in the past, affected the quality or safety of aged care services. We will consider any actions which should be taken in response to such shortcomings in order to avoid any repetition. This will necessarily involve us in looking at past 25 events. There have been a number of inquiries which have considered matters that, in certain respects, fall within our terms of reference. We are not required by the Letters Patent to inquire into matters which we are satisfied that have been, is being or will be 30 sufficiently and appropriately dealt with by another inquiry or investigation or a criminal or civil proceeding. As a general rule, we do not intend to re-examine matters which have been specifically examined in previous inquiries. We do, however, expect to examine the changes and developments which have followed previous inquiries, as well as the extent to which there has been implementation of recommendations from those inquiries. Where we have different views, they will be made known.

According to ABC News on 18 January 2018: Out of almost 2,000 Australian aged care providers invited to shed light on the sector ahead of the royal commission, only 83 have been forthcoming with information, the Adelaide inquiry was told.

The Guardian on 18 January reported: Counsel assisting Peter Gray said the commission had received more than 300 public submissions since Christmas Eve and 81% concerned provision of care in residential facilities, with staff ratios and substandard care the most common themes. The federal health department has also passed on 5,000 submissions it received before the commission’s terms of reference were set.

Interested members of the public can still make submissions as the Royal 

Commission will continue to accept submissions until at least the end of June 2019.

Details on how to make a submission can be found here.

The bad news for NSW North Coast regional communities just never ends

According to the Berejiklian Coalition Government’s Transport for NSW  website: The Community Transport Program (CTP) assists individuals who are transport disadvantaged owing to physical, social, cultural and / or geographic factors.  Individuals who do not qualify for other support programs may be eligible for community transport. CTP is funded by the NSW Government and aims to address transport disadvantage at the local level via community transport organisations.

In the Clarence Valley medical specialist services are rather thin on the ground and residents are frequently referred to medical practices and hospital clinics hundreds of miles away.

For communities in the Lower Clarence where a high percentage of the population are elderly people on low incomes this can frequently present a transport problem, as often there is no family member living close by to assist or the person’s peer friendship group doesn’t include anyone capable of driving long distances.

Community transport has been the only option for a good many people.

Until now…..

The Daily Examiner, 8 January 2019, p.3:

The thought of paying $200 for a trip to see her specialist about her medical condition made Yamba pensioner Gloria George glad she was sitting down when she made the call.

The 80-year-old said when she contacted Clarence Community Transport and was told the price to be taken by car to the Gold Coast for a Wednesday appointment, it could have brought on a heart attack.

Mrs George said CCT told her there was a bus service to the Gold Coast that ran on Monday, Wednesday and Friday for $70.

“My appointment was on Tuesday and the clinic I was booked into was not available on the other days,” she said.

“They said they had made cutbacks and the price to be driven to the appointment was $200.

“I’ve got a bad heart problem and I nearly fell over when they told me.

“Who can afford $200 to go to an appointment?”

Mrs George said she still has a licence, but would not feel safe driving to her appointment.

“I think I’ll be able to get a friend to drive me there and take me home again. I hope so,” she said.

The manager of CCT, Warwick Foster, said the price rise for services had come in when the government cut $250,000 from CCT’s funding when the NDIS came in last year.

“We could no longer afford to operate the bus five days a week,” he said. “And we can’t afford to drive people to appointments for the same fee we charge for the bus service.”

Mr Foster said the government subsidy for transport of $31 a trip created a juggling act for CCT to afford its services.

“Each trip, no matter the distance, is subsidised at $31,” he said.

“It doesn’t matter if the trip is across town or to Brisbane, the subsidy is the same....

Medicare Australia State of Play 2016-2018

The Australian Minister for Health and Liberal MP for Flinders Greg Hunt tweeted this on 16 August 2018:

Here are the facts on Medicare:
✅Today’s Medicare data shows a record bulk-billing rate of 86.1%
✅This is 4% higher than anything Labor could achieve
✅Almost 9 out of 10 trips to the GP are free
✅Funding for Medicare this year alone is $5.5 billion higher than Labor put in

— Greg Hunt (@GregHuntMP) August 16, 2018

So what is all this self-congratulatory chest-beating about?

According to the Department of Human Services in 2016–17 a total of 24.9 million people were enrolled in Medicare.

In 2017-18 Medicare recorded a total 419,852,601 Schedule Items on which Medicare benefits were paid.

This figure represents on average 1,672,091 items per 100,000 people.

According to Heath Minister Hunt the Medicare bulk billing rate in 2017-18 stood at 86.1 per cent of the total number of Medicare benefits claimed, leaving 13.9 per cent of Medicare benefits to be claimed by the patient.

Based on 2016-17 figures this would indicate in excess of 13.3 million of these Medicare benefits were claimed online by the patient.

Medicare also recorded 3,318,396 payments of Schedule Item 3 General Practitioner Attendances To Which No Other Item Applies, which is a medical service for which there is a 100% Medicare benefit.

That’s an average 13,216 items per 100,000 males and females between 0-4 years and 85 years or over.

However, none of these statistics reveal the number of GP or specialist doctor medical practices which charge patients an upfront amount above the scheduled Medicare benefit amount.

According to the Royal Australian College of General Practitioners (RACGP) the real percentage of patients who had all their GP visits bulk billed during 2016–17 was an est. 66 per cent.

Which meant that an estimated 34 per cent of GP patients in that financial year paid an upfront cost that might not have been able to be fully claim from Medicare.

The Australian Medical Association (NSW) in a 2018 statement suggests that these patients are likely to be paying an average of $48.69 in out-of-pocket fees.

The Australian Institute of Health and Welfare states in its Health Services Series Number 80  that in 2016-17 there were 7.8 million attendances at public hospital emergency departments and “at the conclusion of clinical care in the emergency department, 61% of presentations reported an episode end status of Departed without being admitted or referred”, which indicates that this percentage may contain an unspecified number of individuals who attended a public hospital emergency department because a bulk billing GP was not practicing in their local area and they were not able to readily afford an upfront fee or additional out-of-pocket expenses.

ABC News reported* on 17 August 2018 that:

> 1.3 million people delay seeing a doctor because of the cost;
> 1 in 2 Australian patients faced out-of-pocket costs for non-hospital Medicare services, with the median cost sitting at $142 per person;
> almost 35 per cent of out-of-pocket expenses were spent on specialist services, while almost 25 per cent went to GP gap payments; and
> a further 12 per cent was spent on diagnostic imaging services, like radiology.

Greg Hunt's tweet has definitely avoided facing the Medicare elephant in the room. 

* Based on MyHealthyCommunities: Patients' out-of-pocket spending on Medicare services 2016–17 released August 2018.

Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?

It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.

It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.

Lewis Ryan (Academic GP Registrar)

* 91 % of GP Registrars have never used My Health Record in a clinical context

* 65% of GP Registrars have never discussed My Health Record with a patient

* 78%  of GP Registrars have never received training in how to use My Health Record

* 73% of GP Registrars say lack of training is a barrier to using My Health Record

* 71% of  GP Registrars who have used the My Health Record system say that the user interface is a barrier

* Only 21% of  GP Registrars believe privacy is well protected in the My Health Record system

In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.

UPDATE

Healthcare IT News, 3 August 2018:

The Federal Government’s Health Care Homes is forcing patients to have a My Health Record to receive chronic care management through the program, raising ethical questions and concerns about discrimination.

The government’s Health Care Homes trial provides coordinated care for those with chronic and complex diseases through more than 200 GP practices and Aboriginal Community Controlled Health Services nationally, and enrolment in the program requires patients to have a My Health Record or be willing to get one.

But GP and former AMA president Dr Kerryn Phelps claimed the demand for patients to sign up to the national health database to access Health Care Homes support is unethical.

“I have massive ethical concerns about that, particularly given the concerns around privacy and security of My Health Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.

Under a two-year trial beginning in late 2017, up to 65,000 people are eligible to become Health Care Homes patients as part of a government-funded initiative to improve care for those with long-term conditions including diabetes, arthritis, and heart and lung diseases.

Patients in the program receive coordinated care from a team including their GP, specialists and allied health professionals and according to the Department of Health: “All Health Care Homes’ patients need to have a My Health Record. If you don’t have a My Health Record, your care team will sign you up.”

Phelps said as such patients who don’t want a My Health Record have been unable to access a health service they would otherwise be entitled to.

“When you speak to doctors who are in involved in the Heath Care Homes trial, their experience is that some patients are refusing to sign up because they don’t want a My Health Record. So it is a discriminatory requirement.”

It has also raised concerns about possible future government efforts to compel Australians to have My Health Records.

“The general feedback I’m getting is that the Health Care Homes trial is very disappointing to say the least but, nonetheless, what this shows is that signing up to My Health Record could just be made a prerequisite to sign up for other things like Centrelink payments or workers compensation.”

Human rights lawyer and Digital Rights Watch board member Lizzie O’Shea claims patients should have a right to choose whether they are signed up to the government’s online medical record without it affecting their healthcare.

“It is deeply concerning to see health services force their patients to use what has clearly been shown to be a flawed and invasive system. My Health Record has had sustained criticism from privacy advocates, academics and health professionals, and questions still remain to be answered on the privacy and security of how individual's data will be stored, accessed and protected,” O’Shea said. [my yellow highlighting]

AUSTRALIA 2018: Turnbull Government continues to hammer the vulnerable

Remember when reading this that the Turnbull Government is still intending to proceed with its planned further corporate tax cuts reportedly worth an est. $65 billion. Compare this policy with the National Disability Insurance Scheme (NDIS) funding in Budget 2018-19 which is $43 billion over four years and no dedicated NDIS funding stream established as had been previously promised.

Australian Federation of Disability Organisations & Summer Foundation, media release, 14 May 2018:

JOINT STATEMENT ON THE NDIA’S SPECIALIST DISABILITY ACCOMMODATION PROVIDER AND INVESTOR BRIEF

The National Disability Insurance Agency (NDIA) presented its latest policy position for Specialist Disability Accommodation (SDA) in a statement to the provider and investor market on 24 April.

People with disabilities and developers of innovative housing for people with disabilities are pleased the NDIA has reiterated the government’s commitment to SDA in its SDA Provider and Investor Brief. The NDIA has confirmed that the SDA funding model is here to stay.

However, the NDIA’s SDA Brief expresses a vision for SDA housing with a clear bias toward shared models of housing for people with disability, presumably to reduce support costs. This is unacceptable. You can read our joint statement here (A Rich text format is available here).

You can read the Summer Foundation’s summary of the SDA Brief here.

The Australian, 16 May 2018:

The executives of the flagship ­National Disability Insurance Scheme, which received guaranteed funding worth tens of billions of dollars in last week’s budget, have launched a crackdown on support funding to keep a lid on ballooning costs.

The razor is being taken to hundreds, possibly thousands, of ­annual support plans as they come up for review, demonstrating a new hawkish approach from ­National Disability Insurance Agency bosses but resulting in the loss of funding and support for vulnerable families. In many cases, support packages for families have been cut by half.

The early years of the $22 billion program’s rollout saw wild variability in the value and type of support being granted to participants, forcing executives to come up with a way to claw back funding that has “an impact on sustainability”. In the process, people with disabilities and their families have been shocked by sudden reversals of fortune….

In its quarterly report, the NDIA noted there was a “mismatch” between reference packages — rough cookie-cutter guides for how much packages ought to be in normal circumstances — and the value of annual support packages which affected the financial sustainability of the scheme.

“The management’s response to this is to closely ensure that significant variations away from reference amounts (above and below) are closely monitored and justified,” a spokesman said.

“Reference packages are not used as a tool to reduce package amounts to below what is reasonable and necessary. Individual circumstances are considered in determining budgets, including goals and aspirations.

“A reference package does not restrict the amount or range of support provided to a participant, but acts as a starting point for planners to use for similar cohorts. It provides amounts that are suitable for a given level of support needs that has been adjusted for individual circumstances.”

The agency has claimed the implementation of this process has started to reduce funding blowouts and a hearing into the scheme by federal parliament’s Joint Standing Committee on the NDIS last Friday heard startling evidence about how widespread the new approach is.

Donna Law, whose 21-year-old son has severe disabilities, was told by an NDIS planner: “Donna, watch out because your son’s next plan is going to be cut by about half.”

Clare Steve had funding cut in half by the NDIA and wanted to do another review.

“I spoke to multiple people, because no one would actually give me the paperwork to do the next lot of reviewing,” Ms Steve told the hearing.

“I was told by multiple people that it was a mistake: ‘Do not go for another review.

“If you go for another review, you could get your funding cut again’.”

ABC News, 19 May 2018:

Bureaucrats are reportedly working on a strategy to curb costs by tightening up the eligibility requirements after a blowout in the number families seeking NDIS support packages for people with autism.

ABC News, 19 May 2018:

Last December, Sam's case was one of about 14,000 sitting in the NDIS's review backlog, according to a damning ombudsman's report this week. Then, about 140,000 participants were in the scheme.

The review queue has since shrunk, but the agency in charge of the world-first scheme — a Commonwealth department known as the National Disability Insurance Agency (NDIA) — still receives about 640 review requests each week.

Some of those requests do not reflect badly on the NDIA. People can request an unscheduled review if their circumstances change, for example if their condition improves.

But the agency often is culpable when it comes to another type of review, known as an internal review. People ask for these when they disagree with the plan and funding package they are given.

Some reviews come from people who feel short-changed, given the state government support they previously received, or because of the high expectations associated with the scheme.

But the Government is also to blame. The NDIS's full-scheme launch in mid-2016 was a disaster. The computer system failed. A backlog of NDIS applications quickly emerged.

Plans were then often completed over the phone and rushed. Key staff lacked training and experience. There was little consistency in the decisions being made.

The scheme's IT system remains hopeless, and elements of its bureaucracy are not much better, according to the watchdog's report.

The agency accepted all 20 of the ombudsman's recommendations, and Social Services Minister Dan Tehan said work was underway to bust the backlog "over coming months".

Administration of reviews under the National Disability Insurance Scheme Act 2013 REPORT ON THE NATIONAL DISABILITY INSURANCE AGENCY’S HANDLING OF REVIEWS May 2018, excerpts:

* In February 2018, the NDIA advised around 8,100 reviews remained in the backlog and the national backlog team was clearing around 200 reviews each week. The NDIA also advised it continues to receive around 620 new review requests each week, which are handled by regional review staff.

* We have received complaints about the NDIA’s handling of participant-initiated requests for review. In particular, these complaints concern the NDIA: (1) not acknowledging requests for review; (2) not responding to enquiries about the status of a request; or (3) actioning requests for an internal review as requests for a plan review.

*Participants also complained they had sought updates on the receipt and/or progress of their requests by calling the Contact Centre and by telephoning or emailing local staff. They reported not receiving a response, leaving messages that were not returned and being told someone would contact them—but no one did.

* In our view, the absence of clear guidance to staff about the need to acknowledge receipt of review requests is concerning. Indeed, the large number of complaints to our Office where complainants are unclear about the status of their review indicates the lack of a standardised approach to acknowledgements is driving additional, unnecessary contact with both the NDIA and our Office.

* Our Office monitors and reports on complaint themes each quarter. Review delays was the top complaint issue for all four quarters in 2017.

* Some participants have told us they have been waiting for up to eight or nine months for a decision on their review request, without any update on its progress or explanation of the time taken.

In some instances, the participant’s existing plan has expired before the NDIA has made a decision on their request for review. As review decisions can only be made prospectively, it can mean a participant must go through the whole process for the new (routinely reviewed) plan if they remain unhappy.

An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer that having it up on Facebook

Remembering that a federal government national screening program, working with with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered  the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".

Healthcare IT News, 4 May 2018:

Weeks before the anticipated announcement of the My Health Record opt out period, an insider’s leak has claimed the Australian Digital Health Agency has decided associated risks for consumers “will not be explicitly discussed on the website”.

As the ADHA heads towards the imminent announcement of the three-month window in which Australians will be able to opt out of My Health Record before being signed up to the online health information repository, the agency was caught by surprise today when details emerged in a blog post by GP and member of the steering group for the national expansion of MHR, Dr Edwin Kruys.

Kruys wrote that MHR offers “clear benefits” to healthcare through providing clinicians with greater access to discharge summaries, pathology and diagnostic reports, prescription records and more, but said “every digital solution has its pros and cons” and behind-the-scenes risk mitigation has been one of the priorities of the ADHA. However, he claimed Australians may not be made aware of the risks involved in allowing their private medical information to be shared via the Federal Government’s system.

“It has been decided that the risks associated with the MyHR will not be explicitly discussed on the website,” Kruys wrote.

“This obviously includes the risk of cyber attacks and public confidence in the security of the data.”

The most contentious contribution in the post related to the secondary use of Australians’ health information, the framework of which has yet to be announced by Health Minister Greg Hunt.

Contacted by HITNA, the agency moved swiftly to have Kruys delete the paragraph relating to secondary use.

In the comment that has since been removed, Kruys wrote, “Many consumers and clinicians regard secondary use of the MyHR data as a risk. The MyHR will contain a ‘toggle’, giving consumers the option to switch secondary use of their own data on or off.”

Under the My Health Records Act 2012, health information in MHR may be collected, used and disclosed “for any purpose” with the consent of the healthcare recipient. One of the functions of the system operator is “to prepare and provide de-identified data for research and public health purposes”. 

Before these provisions of the act will be implemented, a framework for secondary use of MHR systems data must be established. 

HealthConsult was engaged to assist the Federal Government in developing a draft framework and implementation plan for the process and within its public consultation process in 2017 received supportive submissions from the Australasian College of Health Informatics, the Australian Bureau of Statistics and numerous research institutes, universities, and clinicians’ groups.

Computerworld, 14 May 2018:

Use of both de-identified data and, in some circumstances, identifiable data will be permitted under a new government framework for so-called “secondary use” of data derived from the national eHealth record system. Linking data from the My Health Record system to other datasets is also allowed under some circumstances.

The Department of Health last year commissioned the development of the framework for using My Health Record data for purposes other than its primary purpose of providing healthcare to an individual.

Secondary use can include research, policy analysis and work on improving health services.

Under the new framework, individuals who don’t want their data used for secondary purposes will be required to opt-out. The opt-out process is separate from the procedure necessary for individuals who don’t want an eHealth record automatically created for them (the government last year decided to shift to an opt-out approach for My Health Record)……

Access to the data will be overseen by an MHR Secondary Use of Data Governance Board, which will approve applications to access the system.

Any Australian-based entity with the exception of insurance agencies will be permitted to apply for access the MHR data. Overseas-based applicants “must be working in collaboration with an Australian applicant” for a project and will not have direct access to MHR data.

The data drawn from the records may not leave Australia, but under the framework there is scope for data analyses and reports produced using the data to be shared internationally……

The Department of Health came under fire in 2016 after it released for download supposedly anonymised health data. Melbourne University researchers were able to successfully re-identify a range of data.

Last month the Office of the Australian Information Commissioner revealed that health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.

The Sydney Morning Herald, 14 May 2018:

Australians who don't want a personal electronic health record will have from July 16 to October 15 to opt-out of the national scheme the federal government announced on Monday.

Every Australian will have a My Health Record unless they choose to opt-out during the three-month period, according to the Australian Digital Health Agency.

The announcement follows the release of the government’s secondary use of data rules earlier this month that inflamed concerns of patient privacy and data use.

Under the framework, medical information would be made available to third parties from 2020 - including some identifying data for public health and research purposes - unless individuals opted out.

In other news....... 

The Sydney Morning Herald, 14 May 2018:

A cyber attack on Family Planning NSW's website has exposed the personal information of up to 8000 clients, including women who have booked appointments or sought advice about abortion, contraception and other services.

Clients received an email from FPNSW on Monday alerting them that their website had been hacked on Anzac Day.

The compromised data contained information from roughly 8000 clients who had contacted FPNSW via its website in the past 2½ years to make appointments or give feedback.

It included the personal details clients entered via an online form, including names, contact details, dates of birth and the reason for their enquiries….

The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time

SBS News, 14 May 2018:

Clients were told Family Planning NSW was one of several agencies targeted by cybercriminals who requested a bitcoin ransom on April 25…..

The not-for-profit has five clinics in NSW, with more than 28,000 people visiting every year.

The most recent Digital Rights Watch State of Digital Rights (May 2018) report can be found here.

The report’s 8 recommendations include:

Repeal of the mandatory metadata retention scheme

Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy

A complete cessation of commercial espionage conducted by the Australian Signals Directorate

Changes to copyright laws so they are flexible, transparent and provide due process to users

Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age

Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics

Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity

Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose

The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed

Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and, make known what content was removed or triggered an account suspension.