SA patient health info deleted in third-party app breach

A mobile platform used by South Australian local health networks was breached a fortnight ago, resulting in a folder of “health information” of 121 patients being deleted.

The cyber security incident hit third-party provider Personify Care, which underpins the ‘Digital Patient Pathways’ mobile app used by local health networks across SA Health “to exchange information with patients about their care.”

SA Health characterised it as “an isolated data incident” that impacted the “health information (personal, medical and/or legal documents) of 121 SA Health patients using Digital Patient Pathways at Central Adelaide Local Health Network (CALHN) and Southern Adelaide Local Health Network (SALHN).”

The department said there was “no evidence” the patient data was downloaded or copied, only that it was deleted.

It said the unauthorised access was recognised “within two hours of it occurring” and was resolved jointly by SA Health and Personify Care.

Personify Care is notifying all 121 individuals whose “health information” is affected.

SA Health went on to say the folder contained other data as well: “The affected folder also included the name and phone number for 12,624 patients used to invite them onto the Digital Patient Pathways system, but this did not include any health information.”

Personify Care had called in external assistance, while SA Health had also notified the Office of the Australian Information Commissioner (OAIC) of the breach.