Australia’s Notifiable Data Breach Scheme: an Analysis of Risk Management Findings for Healthcare

EasyChair Preprint 10793

Abstract

This paper provides an overview of the first five years of data published via the Australian governments’ notifiable data breach (NDB) scheme, operated by the Office of the Australian Information Commissioner (OAIC). Applying investigative techniques including descriptive and inferential statistics, Pareto and distribution analysis, and bivariate correlations, it is discovered that 80% of data breach incidents are predominantly caused by fives forms of human error, particularly failures in email management. A deeper investigation across each of the periods studied reveals significant correlations between specific types of data breach event, suggesting that an increase in one can be used as predictors for others to closely follow. These correlations are shown to exist between phishing and ransomware breaches, phishing and rogue employee incidents, and between two forms of email handling breaches and both compromised credentials and ransomware events.

Keyphrases: Cyber Security, Data Breach, Healthcare

@booklet{EasyChair:10793,
  author    = {Martin Dart and Mohiuddin Ahmed},
  title     = {Australia’s Notifiable Data Breach Scheme: an Analysis of Risk Management Findings for Healthcare},
  howpublished = {EasyChair Preprint 10793},
  year      = {EasyChair, 2023}}