This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Queensland Health

Summary

Queensland Health launched an investigation in July 2019 after medical files containing sensitive patient information were discovered discarded on a busy Brisbane road. The physical documents included patient names, medical histories, and treatment details, raising serious questions about how confidential health records ended up in a public location. The incident highlighted ongoing challenges with physical document security in the healthcare sector.

What Happened

Physical Theft. Medical files belonging to Queensland Health patients were found scattered on a Brisbane roadway, suggesting they had either been stolen, improperly disposed of, or lost during transport. The documents contained sensitive health information including patient names, dates of birth, addresses, medical diagnoses, treatment records, and clinical notes. The discovery of physical medical records in a public place represented a serious breach of patient confidentiality and privacy obligations. It remained unclear whether the files had been deliberately stolen, accidentally lost during transport between facilities, or improperly disposed of. Queensland Health immediately launched an investigation to determine how the files ended up on the street and whether other documents had similarly gone missing.

Impact on Individuals

  • Complete Medical Exposure: Physical files often contain comprehensive health histories
  • Public Disclosure: Medical information literally found on a public street accessible to anyone
  • Unknown Chain of Custody: Uncertainty about who may have seen or copied the information before discovery
  • Permanent Records: Physical documents may have been photographed or retained by finders
  • Trust Breach: Fundamental failure to protect confidential patient information

The physical nature of the breach meant patient information was potentially visible to numerous people before the files were recovered.

Response

Queensland Health immediately secured the discovered files and launched an investigation into how patient medical records ended up on a public road. The health department contacted affected patients to inform them of the breach and offer support. Investigators examined document handling procedures, transport protocols, and disposal processes to identify the point of failure. Queensland Health reviewed its policies for managing physical medical records, including secure transport between facilities and proper destruction of documents no longer needed. The incident was reported to the Queensland Privacy Commissioner and the Office of the Australian Information Commissioner. The breach highlighted an often-overlooked aspect of health data security—while significant resources go into protecting electronic health records from cyberattacks, physical documents remain vulnerable to loss, theft, or improper handling. Queensland Health implemented enhanced procedures for tracking and transporting physical medical files. +++

Verification Source: View original statement