Personify Care (South Australia)

Summary

Personify Care's Digital Patient Pathways platform experienced a data incident on 16 October 2023 affecting South Australian health patients. An unauthorised third party deleted a folder containing patient documents and contact information. Independent forensic analysis confirmed files were deleted but found no evidence of data being copied or downloaded.

What Happened

On 16 October 2023, Personify Care informed SA Health of an isolated data incident involving the Digital Patient Pathways mobile platform. An unauthorised third party gained access to and deleted a specific folder within Personify Care's infrastructure used to store patient documents uploaded to the platform.

The Digital Patient Pathways platform is used by Local Health Networks across SA Health to exchange information with patients about their care, facilitating communication between health services and patients.

Impact on Individuals

The incident affected 121 SA Health patients at Central Adelaide Local Health Network (CALHN) and Southern Adelaide Local Health Network (SALHN) whose health information, including personal, medical, and legal documents, was deleted. Additionally, the compromised folder contained names and phone numbers for 12,624 patients used to invite them onto the Digital Patient Pathways system, though this group's health information was not included.

Independent forensic analysis confirmed that while files were deleted, no evidence was found indicating the data had been copied or downloaded by the unauthorised party. This suggests the incident was primarily data destruction rather than data theft.

Organisational Response

Personify Care promptly notified SA Health of the incident on 16 October 2023. SA Health worked with Personify Care to conduct independent forensic analysis to determine the full scope of the incident and confirm whether data had been exfiltrated. Affected patients were notified of the incident and the potential exposure of their information.