26 September 2023

Ministry of Health finds data details dubbed

Start the conversation

Former and current employees of the Ministry of Health (NSW Health) have had their personal information illegally exposed in a data breach.

Notifying the Public Service Association of NSW this month (March), the Ministry said that in November 2021, an unauthorised third party accessed data from Frontier Software – a payroll software provider.

“The data included personal information from a payroll system previously used by NSW Health,” the Ministry said.

“Around 1,600 former and current employees of the Ministry of Health or whose payroll was processed by the Ministry of Health have been impacted by the cyber-attack,” it said.

“Medical records in public hospitals were not affected and the software involved is no longer in use by NSW Health.”

The Ministry said that ongoing monitoring confirmed that no data from the breach had been uploaded to the dark web.

It said the data breach affected current and former staff who were employed from 2001 to 2015 at the NSW Ministry of Health, Mental Health Review, Health Professional Councils Authority, Official Visitors Program, Health Infrastructure, and the previous Institute of Psychiatry.

In a letter to impacted staff member the Deputy Secretary for People, Culture and Governance at NSW Health, Phil Minns said the breach did not involve any of the Ministry’s core systems, current payroll system or impact any patient information, health or hospital records.

Mr Minns said Frontier notified NSW Health of the breach in July last year and took immediate steps to prevent further access to the data, its publication to the dark web, and to protect against its misuse.

“NSW Health has undertaken an extensive amount of work with Frontier’s external cyber advisors to determine precisely whose information was impacted by the breach,” Mr Minns said.

“Based on the actions undertaken and advice provided, we consider that there is a significantly reduced risk associated with this data breach, but we nevertheless consider it important to inform you that the breach occurred,” he said.

“I appreciate that this may be distressing for you and Frontier has organised for support to be available at no cost by contacting IDCare on 1800 595 160 and providing the referral code of ‘FDI2-ID’.”

IDCare can be accessed at this PS News link.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.