Register      Login
Australian Health Review Australian Health Review Society
Journal of the Australian Healthcare & Hospitals Association

Mitigating the consequences of electronic health record data breaches for patients and healthcare workers

Jeffrey C. L. Looi A B * , Stephen Allison B C , Tarun Bastiampillai B C D , Paul A. Maguire A B , Steve Kisely B E F and Richard C. H. Looi G
+ Author Affiliations
- Author Affiliations

A Academic Unit of Psychiatry and Addiction Medicine, School of Medicine and Psychology, The Australian National University, Canberra Hospital, Building 4, Level 2, PO Box 11, Garran, Canberra, ACT 2605, Australia.

B Consortium of Australian-Academic Psychiatrists for Independent Policy and Research Analysis (CAPIPRA), Canberra, ACT, Australia.

C College of Medicine and Public Health, Flinders University, Adelaide, SA, Australia.

D Department of Psychiatry, Monash University, Wellington Road, Clayton, Vic., Australia.

E School of Medicine, The University of Queensland, Princess Alexandra Hospital, Ipswich Road, Woolloongabba, Brisbane, Qld, Australia.

F Departments of Psychiatry, Community Health and Epidemiology, Dalhousie University, Halifax, NS, Canada.

G Independent Scholar, Canberra, ACT, Australia.

* Correspondence to:

Australian Health Review 48(1) 4-7
Submitted: 4 December 2023  Accepted: 5 December 2023  Published: 19 December 2023

© 2024 The Author(s) (or their employer(s)). Published by CSIRO Publishing on behalf of AHHA.


Electronic health records (EHRs) have been widely adopted in Australian public sector healthcare and will remain an ongoing, essential data system. However, recent substantial data breaches from hacked business data systems in Australian enterprises, as well as international healthcare providers, mean that EHR data breaches are increasingly likely in Australia. Risks include medical identity theft and extortion attempts based on threats to release sensitive patient information. Hacking is now a foreseeable additional risk of medical treatment. Risk mitigation for the consequences of data breaches needs to be considered, as well as support for patients (and families) and healthcare workers. This includes identity theft protection services, cybersecurity insurance, and psychological support.

Keywords: consumers, cyber security, data breach, e-health, electronic health record, health services management, healthcare workers, information management.


OIAC. AIC v Australian Clinical Labs Limited Concise Statement. 2023. Available at [accessed 1 December 2023].

OIAC. Notifiable Data Breaches Report: January to June 2023. 2023. Available at [accessed 25 September 2023].

Terzon E, Yang S. Medibank says all customers’ personal data compromised by cyber attack. 2022. Available at [accessed 25 September 2023].

Terzon E. Pathology company Australian Clinical Labs reveals it was hit by cyber attack in February. 2022. Available at [accessed 25 September 2023].

OIAC. OAIC commences Federal Court proceedings against Australian Clinical Labs Limited. 2023. Available at [accessed 1 December 2023].

IBM Security. Cost of Data Breach Report. 2023. Available at [accessed 25 September 2023].

Offner KL, Sitnikova E, Joiner K, et al. Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intellig Nat Secur 2020; 35: 556-585.
| Crossref | Google Scholar |

Papoutsi C, Reed JE, Marston C, et al. Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study. BMC Med Inform Decis Mak 2015; 15: 86.
| Crossref | Google Scholar |

10  Entzeridou E, Markopoulou E, Mollaki V. Public and physician’s expectations and ethical concerns about electronic health record: Benefits outweigh risks except for information security. Int J Med Inform 2018; 110: 98-107.
| Crossref | Google Scholar |

11  ABC. Hackers claim they demanded $15 million ransom as more Medibank customer data posted to dark web. 2022. Available at [accessed 25 September 2023].

12  Chen M, Cheung ASY, Chan KL. Doxing: What Adolescents Look for and Their Intentions. Int J Environ Res Public Health 2019; 16: 218.
| Crossref | Google Scholar |

13  Clifford T. Provider liability and medical identity theft: can I get your (insurance) number? Northwestern J Law Policy 2016; 12: 45-68.
| Google Scholar |

14  Medibank Private Limited. Cyber Response Support Program. 2023. Available at [accessed 1 December 2023].

15  US Department of Health and Human Services. Health information privacy. 2023. Available at [accessed 11 October 2023].