This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Alfred Health

Summary

Alfred Health, Victoria's leading trauma hospital, discovered that a pharmacist had unauthorised access to approximately 7,000 patient medical records over a four-year period. The privacy breach, discovered in June 2023 and disclosed to patients in November, involved the pharmacist viewing records without clinical justification, including sensitive information of HIV patients. The pharmacist was dismissed following the investigation.

What Happened

A pharmacist working at Alfred Health used the hospital's electronic medical record database to view patient records over a four-year period without clinical reason to do so. The breach was discovered when an investigation launched in June 2023 identified the unauthorised access pattern.

Alfred Health chief executive Professor Andrew Way stated that "what began as healthcare worker's legitimate professional access to the electronic medical records system morphed to include access for personal curiosity." The pharmacist's behaviour represented a fundamental breach of professional standards and patient trust.

Impact on Individuals

Approximately 7,000 patients were affected by the unauthorised access, including HIV patients being treated at The Alfred. Compromised information included test results, clinicians' notes, names, dates of birth, and Medicare numbers.

The breach was particularly concerning for HIV patients, given the sensitive and stigmatised nature of their medical condition. One HIV patient reported being "stunned" by the privacy violation, highlighting the emotional impact of having intimate health information accessed without authorisation.

While cybersecurity experts reviewing the incident found no evidence that patient information was downloaded or used beyond the unauthorised viewing, the breach still represented a serious violation of medical privacy and professional ethics.

Organisational Response

Alfred Health conducted a thorough investigation after discovering the unauthorised access in June 2023. The pharmacist was dismissed following the investigation's findings.

The hospital wrote to every affected patient in November 2023, informing them of the privacy breach and the steps taken to address it. Alfred Health established a dedicated hotline to provide support to affected patients and answer questions about the incident.

Professor Andrew Way issued an apology to affected patients on behalf of the organisation. However, when asked, the CEO acknowledged he "can't guarantee" the breach was an isolated incident, raising concerns about potential similar violations within the organisation's systems.

Verification Source: View original statement