PDF 378 KB
Frequently Asked Questions on the Personify Care patient data incident in October 2023.
Digital Patient Pathways is a Personify Care mobile platform used by Local Health Networks across SA Health to exchange information with patients about their care.
Personify Care has informed SA Health of an isolated data incident on 16 October 2023 relating to some patients using the platform.
Personify Care is a private organisation which provides digital patient pathways software for hospitals, clinics and clinical research.
Everyone who has been impacted by the incident is being contacted directly by Personify Care by email and/or letter.
They will provide information about what personal information may have been affected and contact details if you have further questions.
The incident occurred on 16 October 2023 and impacted health information (personal, medical and/or legal documents) of 121 SA Health patients using Digital Patient Pathways at Central Adelaide Local Health Network (CALHN) and Southern Adelaide Local Health Network (SALHN).
No evidence has been found that affected documents were copied or downloaded, but the incident resulted in an unauthorised party deleting the contents of a folder used to store some information uploaded by patients and staff using Digital Patient Pathways.
The incident did not affect the use of the platform at any other SA Health Local Health Networks.
Personify Care detected the incident within two hours of it occurring and have since worked closely with SA Health to determine the extent and resolve the incident.
Independent analysis has verified that the incident did not affect any other information that patients may have submitted via the platform, and any unauthorised activity was effectively contained within two hours and the platform is secure.
The affected folder also included the name and phone number for 12,624 patients used to invite them onto the Digital Patient Pathways system, but this did not include any health information.
The incident resulted in an unauthorised third party deleting a specific folder within Personify Care’s infrastructure, which is used to store patient documents uploaded into the platform. This has been confirmed by independent forensic analysis.
The independent forensic analysis also confirmed the files had been deleted, however, no evidence has been found of data being copied or downloaded.
The incident occurred outside the SA Health network within a specific part of the infrastructure used by Personify Care.
Personify Care has engaged an expert advisory firm to provide an independent assessment of the additional measures they are implementing to prevent such incidents from occurring in the future.
All appropriate measures have been taken to independently verify that the incident has been resolved and there is no further risk to patient information contained on the Personify Care platform.
No. The incident did not affect the use of the platform at any other SA Health Local Health Networks.
Since Personify Care detected the incident, they have been working closely with SA Health to ensure all adequate steps have been taken to independently verify that the incident was effectively resolved and have confirmed that this presents no further risk to patient information.
Personify Care have also engaged an expert advisory firm to provide an independent assessment of the additional measures they are implementing to prevent such incidents from occurring in the future.
The Office of the Australian Information Commissioner (OAIC) has also been notified of the incident.
While there is no evidence found of data being copied or downloaded, affected people are encouraged to be on the lookout for unusual / fraudulent activity or any notifications which seem odd or suspicious.
IDCARE can provide specialist support and guidance when faced with a cyber and identity related issue.
Alternatively, you can complete the online form to request support: www.idcare.org/contact/get-help
If you have any further questions, contact the 24/7 phone line on 08 7111 3404.