Feeds

Medvet board to investigate privacy breach

More faces meet palms in South Australia

  • alert
  • submit to reddit

Top three mobile application threats

Medvet, the paternity-and-drug-testing laboratory owned by the South Australian Government that allowed Google to index its customer records until last weekend, says it will investigate how the breach occurred.

According to the Australian Broadcasting Corporation’s PM radio programme on Monday evening, the breach affected more than 800 individuals who had placed online orders with the company.

The Australian, which broke the story on Saturday (July 16) has also said that the privacy breach, known to the company since April, wasn’t reported to the South Australian government until the weekend, even though a Health Department manager sits on the company’s board.

Speaking to PM, Medvet CEO David Swan said “it appears that there’s been some issue … that’s occurred with the software between Google and some software that’s being used by the company to register requests for drug tests.”

Swan said the company has requested its board to conduct “an independent investigation both from a forensic IT perspective but also from the events which have led up to this”.

What appears to be inadequate communication between the Medvet board and its owner, the South Australian Government, seems surprising considering that a sale of the company had been http://www.health.sa.gov.au/Default.aspx?tabid=792 proposed in the 2010-2011 state budget.

The government’s public budget papers didn’t put a valuation on Medvet, but a copy of internal budget documents leaked on a USB key to the ABC last year put a valuation of AU$15 million on the company.

The Australian Privacy Foundation’s health chair Juanita Fernando told PM that litigation is inevitable following the Medvet breach. ®

Bootnote: This author was taken to task yesterday for over-emphasising the role of robots.txt. That’s a fair cop: but protecting sensitive information should be part of Web 101 for an organization such as Medvet. Public humiliation should be the least of the punishments. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.