APUNIPIMA Cape York Health Council is now admitting that patient information was accessed from last year’s cyber breach, despite previously denying the claim.
In a statement written by CEO Debra Malthouse, she acknowledged that “some information stored in Apunipima’s computer system at the time of the incident may have been accessed by the unauthorised third-party”.
This is a stark turnaround from previous statements, including the most recent one from December last year, which stated that no patient information had been accessed.
Interestingly, that statement has now been removed from the Apunipima website.
The cyber attack happened in early October and the story was broken by Cape York Weekly on October 6 after Apunipima attempted to cover up the breach.
In fact, Cape York Weekly was abused by some members of its staff and would not consent to media interviews after we published the story.
“The so-called health organisation not only called us liars, claiming patient data hadn’t been breached but also actively smeared our masthead when questioned about the verity of the allegations,” editor and publisher Matt Nicholls said.
Impacted patients are now going to receive letters in the mail, outlining what information may have been breached and what actions should be taken to protect themselves.
In Apunipima’s statement, the CEO said that Medicare and other personal details might have been accessed.
“We recently completed our forensic investigation which has confirmed that some information stored in Apunipima’s computer system at the time of the incident may have been accessed by the unauthorised third-party,” Ms Malthouse wrote.
Mr Nicholls said not enough detail has been provided and Apunipima’s patients deserved better.
“Ms Malthouse claims the risk to patients is low, but that will appease very few who have been left vulnerable for the last six months because she failed to immediately address the problem at hand,” he said.
“The Apunipima board should be looking closely at what action was taken at the time of the cyber attack and why its executive staff did not take the security of patient records more seriously.
“Cape York Weeklyhad to go to great lengths to find information about the breach, often from concerned staff members who were speaking to us without authorisation to do so.
“Meanwhile, we had vulnerable people from Cape York contacting us, concerned about their patient history being exposed in their communities.”
Mr Nicholls said the state and federal governments, each funding contributors to Apunipima, should have stepped up when the health body didn’t.
“Apunipima is largely government-funded and not one minister wanted to touch the issue when we approached them last year,” he said.
“For them, it was out-of-sight, out-of-mind. The response simply wasn’t adequate when people in Cape York were kept in the dark from their health provider.”
In the statement, Ms Malthouse said: “We sincerely apologise that this incident happened and for any concern it may cause our valued patients, clients and staff across the Cape York region.”
Mr Nicholls said the apology didn’t cut it and called on the CEO to resign.
“Apologising for the incident happening isn’t good enough. Ms Malthouse needs to directly apologise to those patients for exposing them and not taking serious measures in the days following the attack,” he said.
“Someone has to be held accountable and if Ms Malthouse doesn’t resign, she should be sacked by the board.
“Cape York Weekly has also written to Ms Malthouse asking for an apology for the criticism of our reporting, which has proven to be unwarranted.”