Sarah*’s children have been insured under her Medibank family health insurance policy almost since birth.
- Medibank has confirmed that the data shared by the hacker includes customers under the age of 18
- The personal data and health claims of people aged or under 18 were also consulted
- Experts say health data leaks put children as well as their parents at long-term risk
When she learned that the company had been hacked – and that the attacker had access to the personal data of all Medibank customers and “significant amounts” of health claims data – she was furious.
Her children are 12 and 9, and she has no idea if or what information about them may now be available on the Internet, or what to do.
“I feel like some dark force has the data,” Sarah said.
“We’re not sure what to do to protect children and their identities.”
Since the Medibank breach was disclosed on October 13, the ABC has been contacted by parents concerned that their children could be caught up in the data breach and about the sensitivity of the information that could have been exposed.
A Medibank spokesperson confirmed that some of the samples of stolen data already shared with the company by the hacker included customers under the age of 18.
More broadly, they were also able to access the personal data and health claims data of people aged or under 18, but the extent of the theft has yet to be established.
“We continue to work to understand the specific data that was accessed or deleted by the criminal,” the spokesperson said.
In addition to personal information such as address or date of birth, healthcare claims data could reveal the type of medical services a person received, and potentially the illnesses or injuries they suffered. can be faced.
While adults are also at risk of scams or stigma due to disclosure of health records, children are a special case – particularly because they don’t always have a say in what caregivers write them down or share them, said senior lecturer Megan Prictor. at Melbourne Law School.
A leak of medical data could have implications in domestic violence situations, for example, if the data revealed home addresses or places of health services regularly used by a child.
“You are stuck with your medical history”
Also of particular concern is the longevity of harm: the potential for leaked data to be linked to children for life, as well as the potential for discrimination associated with certain health conditions or care received in childhood.
“It’s not like you can change your phone number or get a new driver’s license,” Dr. Prictor said.
“Health data is immutable. You’re stuck with your medical history.”
Sarah suffers from chronic bowel disease and her son is under investigation for the same problem. If his data is exposed, she worries about how it might track him in the future – when he applies for jobs, for example.
“Someone now knows that this nine-year-old potentially has this disease,” she speculated.
“Who he decides to disclose this to in the future is his choice. It’s as if that choice has been taken away from him.”
Kids need better privacy protections: experts
The Medibank hack affected both past and current customers. The company said it had to store customer data for seven years under health records laws in New South Wales, Victoria and the ACT.
For people under 18, he must keep records until they are at least 25 years old.
Unlike the United States or Europe, Australia does not have a federal data privacy law specifically for children. The Privacy Act, which is currently under review, does not impose an age limit.
Dr. Prictor, along with other privacy experts, says we need to pay a lot more attention to data minimization and disposal – making sure companies only collect what they really need it, then dispose of it properly – as well as force all the institutions that hold our data to better protect that information.
According to Chris Cooper, executive director of Reset Australia, a code ensuring companies act in the best interests of children when it comes to their data is long overdue.
“Other jurisdictions have already provided these protections for young people, including the UK, Ireland and California, and Australia must follow suit,” he said in a statement.
Lauren Solomon, a senior researcher at the University of Technology Sydney’s Institute of Human Technology, said Australia should also ensure children’s rights and values are better reflected in data privacy law. data.
Ms Solomon also pointed to the growing collection of biometric information, such as face or fingerprints, and how this could affect children who have no say when it is shared.
“You can’t change your face. You can’t change your fingerprint.
“This is the reality, and the law must evolve to respond to it in a meaningful way.”
For now, Sarah is waiting for Medibank to tell her whether or not her family’s data has been stolen.
But she certainly doesn’t want to hear about bonuses from the bosses of the insurer anytime soon.
“You would think that all Australian companies were working 24/7 to lock down their systems [after Optus],” she says.
“I’m just afraid that after the initial attention and outrage, we’ll all move on.
“Someone has to be held accountable.”
*Name has been changed to protect privacy
Loading the form…
BUSINESS1 month ago
Westerham-based financial planning company buys first firm
FINANCE1 month ago
ESFA Update further education: 19 October 2022
AUTO MOBILE1 month ago
Chicago Drives Electric event in Oakbrook Terrace showcases latest EVs, with cars from Chevy, Ford, Volkswagen and more
WORLD1 month ago
Costco is selling ‘world’s largest’ jigsaw puzzle at 29 feet
HEALTH1 month ago
Vergeire not offered DOH chief post, admits reservations