The article reports a decline in data breaches within Australia’s My Health Record system, part of the national electronic health record infrastructure overseen by the Australian Digital Health Agency (ADHA). While breaches decreased from 39 to 18 in the 2024-2025 period, the system remains a high-value target due to its storage of sensitive patient data including medical histories, prescriptions, and hospital records linked to the myGov platform. The Office of the Australian Information Commissioner (OAIC) highlighted risks in the myhealth mobile app, particularly regarding unclear overseas disclosure policies for personal health information. The Healthcare Identifiers Service (HI Service), another ADHA-administered system assigning unique IDs to patients and providers, reported no privacy complaints but remains integral to national health data security. Pilot programs like the Trust Exchange (TEx) for digital identity verification in healthcare settings introduce new attack surfaces, despite biometric passkey protections. Critics warn of fragmented digital infrastructure, increasing vulnerabilities in critical systems like My Health Record, where a breach could expose life-sensitive data, disrupt healthcare services, or enable identity fraud at scale. Though no specific breach details were disclosed, the systemic risks combined with the ADHA’s role in managing national digital health identity frameworks position it as a prime target for attacks with severe consequences, including threats to patient safety, operational outages, or large-scale data exploitation.
TPRM report: https://www.rankiteo.com/company/australian-digital-health-agency
"id": "aus3103231102325",
"linkid": "australian-digital-health-agency",
"type": "Breach",
"date": "6/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Australia',
'name': 'Australian Digital Health Agency (ADHA)',
'type': 'Government Agency'},
{'industry': 'Public Services',
'location': 'Australia',
'name': 'Services Australia (myGov)',
'type': 'Government Agency'}],
'customer_advisories': ['Users notified of reduced breach risks via OAIC '
'report.',
'Guidance provided on using myGov app for Medicare '
'verification at banks.'],
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High (protected health information)',
'type_of_data_compromised': ['health records',
'prescriptions',
'hospital stay data',
'healthcare identifiers']},
'date_publicly_disclosed': '2025-07-01',
'description': 'The number of data breaches in the Australian national '
'electronic health record system (My Health Record) has '
'declined by half over the last year, according to the Office '
'of the Australian Information Commissioner (OAIC). The '
'system, linked to the myGov public services app, integrated '
'biometric passkey security to mitigate identity scams. The '
'OAIC received 18 breach notifications (down from 39) and 3 '
'privacy complaints (down from 15) for My Health Record in '
'2024-2025. No complaints were filed for the Healthcare '
'Identifiers Service (HI Service). The OAIC also assessed the '
'myhealth mobile app, recommending clarity on overseas data '
'disclosure. Australia is piloting digital identity '
'verification via myGov and the Trust Exchange (TEx) for '
'healthcare and banking.',
'impact': {'brand_reputation_impact': 'Improved (due to 50% reduction in '
'breaches and enhanced biometric '
'security)',
'customer_complaints': 3,
'data_compromised': ['patient reports',
'prescriptions',
'hospital stays',
'healthcare identifiers'],
'identity_theft_risk': 'Mitigated (via biometric passkeys and '
'Trust Exchange pilot)',
'systems_affected': ['My Health Record',
'myhealth mobile app',
'Healthcare Identifiers Service (HI Service)',
'myGov app']},
'investigation_status': 'Completed (per OAIC annual report)',
'lessons_learned': ['Biometric passkeys and digital identity verification '
'(e.g., Trust Exchange) reduce identity fraud risks.',
'Proactive regulatory assessments (e.g., OAIC app '
'reviews) improve transparency and compliance.',
'Disconnected digital service delivery creates strategic '
'gaps in critical infrastructure resilience.'],
'post_incident_analysis': {'corrective_actions': ['Deployment of biometric '
'passkeys in myGov app.',
'Pilot of Trust Exchange '
'(TEx) for identity '
'verification.',
'Regulatory recommendations '
'for myhealth app data '
'disclosure clarity.'],
'root_causes': ['Historical vulnerabilities in '
'digital health systems (prior to '
'biometric passkey adoption).',
'Lack of standardized digital '
'identity frameworks (addressed by '
'2023 Digital ID Bill).']},
'recommendations': ['Expand biometric security measures across all digital '
'health platforms.',
'Standardize digital identity frameworks (e.g., via the '
'Digital ID Bill) to eliminate patchwork progress.',
'Enhance public communication on data disclosure '
'practices (e.g., overseas data sharing).',
'Conduct regular third-party audits of healthcare apps to '
'preempt vulnerabilities.'],
'references': [{'date_accessed': '2025-07-01',
'source': 'Office of the Australian Information Commissioner '
'(OAIC) Annual Report 2024-2025'},
{'source': 'Australian Digital Health Agency (ADHA) - myhealth '
'App Assessment'},
{'source': 'Digital ID Bill 2023 (Australia)'}],
'regulatory_compliance': {'regulatory_notifications': ['OAIC annual report',
'ADHA myhealth app '
'assessment']},
'response': {'communication_strategy': ['OAIC annual report publication',
'public disclosure of breach '
'reduction metrics'],
'containment_measures': ['biometric passkey integration',
'Trust Exchange (TEx) identity '
'verification pilot'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': ['enhanced clarity on overseas data '
'disclosure (myhealth app)',
'Digital ID Bill (2023) for national ID '
'system governance']},
'stakeholder_advisories': ['Healthcare providers advised to adopt Trust '
'Exchange (TEx) for secure identity verification.',
'Patients encouraged to use myGov app with '
'biometric passkeys for healthcare access.'],
'title': "Decline in Data Breaches in Australia's My Health Record System",
'type': ['data breach', 'privacy incident']}