Private health service providers still maintained pole position for reporting data breaches under the Australian Notifiable Data Breach (NDB) scheme in the latest quarterly report, spanning July to September 2018.
The top five industry sectors to report breaches during the quarter were private health service providers (45); finance (35); legal, accounting and management services (34); private education providers (16) and personal service providers (13).
All up there were 245 data breaches impacting personal information during the period, slightly up from 242 in the previous quarter, according to the Office of the Australian Information Commissioner (OAIC).
Malicious and criminal attacks accounted for the majority of security incidents (57 per cent), according to the quarterly NDB statistics report.
Human error accounted for 37 per cent of incidents, with 20 per cent of data breaches occurring when personal information was sent to the wrong recipient.
Australian information and privacy commissioner, Angelene Falk, said training staff on how to identify and prevent privacy risks needs to be part of business as usual.
“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” Falk said.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.”
A mere six per cent of data breaches were due to system faults, compared to five per cent the previous quarter.
Falk stressed the importance of being alert for suspicious emails or texts, with 20 per cent of all data breaches in the quarter attributed to phishing.
“Phishing is when an individual is contacted by email or text message by someone posing as a legitimate institution to lure them into providing passwords or personal information,” she added.
“This can result in their credentials – their username and password – being compromised and used to gain access to their system or network, if additional protections are not in place.”