Patient data incident

Digital Patient Pathways is a Personify Care mobile platform used by Local Health Networks across SA Health to exchange information with patients about their care.

Personify Care has informed SA Health of an isolated data incident on 16 October 2023 relating to some patients using the platform.

Personify Care is a private organisation which provides digital patient pathways software for hospitals, clinics and clinical research.

How do I know if my data has been impacted?

Everyone who has been impacted by the incident is being contacted directly by Personify Care by email and/or letter.

They will provide information about what personal information may have been affected and contact details if you have further questions.

What happened?

The incident occurred on 16 October 2023 and impacted health information (personal, medical and/or legal documents) of 121 SA Health patients using Digital Patient Pathways at Central Adelaide Local Health Network (CALHN) and Southern Adelaide Local Health Network (SALHN).

No evidence has been found that affected documents were copied or downloaded, but the incident resulted in an unauthorised party deleting the contents of a folder used to store some information uploaded by patients and staff using Digital Patient Pathways.

The incident did not affect the use of the platform at any other SA Health Local Health Networks.

Personify Care detected the incident within two hours of it occurring and have since worked closely with SA Health to determine the extent and resolve the incident.

Independent analysis has verified that the incident did not affect any other information that patients may have submitted via the platform, and any unauthorised activity was effectively contained within two hours and the platform is secure.

The affected folder also included the name and phone number for 12,624 patients used to invite them onto the Digital Patient Pathways system, but this did not include any health information.

How did it happen?

The incident resulted in an unauthorised third party deleting a specific folder within Personify Care’s infrastructure, which is used to store patient documents uploaded into the platform. This has been confirmed by independent forensic analysis.

The independent forensic analysis also confirmed the files had been deleted, however, no evidence has been found of data being copied or downloaded.

The incident occurred outside the SA Health network within a specific part of the infrastructure used by Personify Care.

Personify Care has engaged an expert advisory firm to provide an independent assessment of the additional measures they are implementing to prevent such incidents from occurring in the future.

All appropriate measures have been taken to independently verify that the incident has been resolved and there is no further risk to patient information contained on the Personify Care platform.

Have any other Local Health Networks who use this digital platform been impacted?

No. The incident did not affect the use of the platform at any other SA Health Local Health Networks.

What actions have been taken?

Since Personify Care detected the incident, they have been working closely with SA Health to ensure all adequate steps have been taken to independently verify that the incident was effectively resolved and have confirmed that this presents no further risk to patient information.

Personify Care have also engaged an expert advisory firm to provide an independent assessment of the additional measures they are implementing to prevent such incidents from occurring in the future.

The Office of the Australian Information Commissioner (OAIC) has also been notified of the incident.

What can impacted patients do?

While there is no evidence found of data being copied or downloaded, affected people are encouraged to be on the lookout for unusual / fraudulent activity or any notifications which seem odd or suspicious.

IDCARE can provide specialist support and guidance when faced with a cyber and identity related issue.

At no cost, you can contact the IDCARE Australian National Case Management Centre on 1800 595 160 (‍Mon – Fri 7.30am – 4.30pm ACST). When you call, quote the code SAH23

Alternatively, you can complete the online form to request support: www.idcare.org/contact/get-help

Use of the information and data contained within this site or these pages is at your sole risk.
If you rely on the information on this site you are responsible for ensuring by independent verification its accuracy, currency or completeness.
This site includes links to other websites operated by community, business and government.
These linked websites will have their own terms and conditions of use and you should familiarise yourself with these.
All linked websites are linked 'as is' and the Government of South Australia:
- does not sponsor, endorse or necessarily approve of any material on websites linked from or to this Site;
- does not make any warranties or representations regarding the quality, accuracy, merchantability or fitness for purpose of any material on websites linked from or to this Site;
- does not make any warranties or representations that material on other websites to which this site is linked does not infringe the intellectual property rights of any person anywhere in the world; and
- does not authorise the infringement of any intellectual property rights contained in material in other websites by linking this site to those other websites.
If you use automatic language translation services in connection with this site you do so at your own risk.
The information and data on this site is subject to change without notice. The Government of South Australia may revise this disclaimer at any time by updating this posting.
The Government of South Australia, its agents, instrumentalities, officers and employees:
- make no representations, express or implied, as to the accuracy of the information and data contained on this site
- make no representations, express or implied, as to the accuracy or usefulness of any translation of the information on this site or any linked website into another language
- make no representations as to the availability of the site and the availability of websites linked from or to the site
- accept no liability however arising for any loss resulting from the use of the site and any information and data or reliance placed on it (including translated information and data)
- make no representations, either expressed or implied, as to the suitability of the said information and data for any particular purpose
- accepts no liability for any interference with or damage to a user's computer, software or data occurring in connection with or relating to this Site or its use or any website linked to this site
- do not represent or warrant that applications or payments initiated through this site will in fact be received or made to the intended recipient. Users are advised to confirm the application or payment by other means.

Privacy http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/privacy

Copyright http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/copyright

Disclaimer http://www.sahealth.sa.gov.au/wps/wcm/connect/public+content/sa+health+internet/about+us/website+information/disclaimer

Last updated: 14 Mar 2024