More than 1,000 people may have had their personal details accessed by hackers in an unpublicized data breach on the servers holding the sensitive data of Australia’s largest skin cancer study.
The breach was confirmed last November when hackers briefly crippled Datatime, the technology company hired by QIMR Berghofer, the medical research institute running the QSKIN study. QIMR Berghofer has been criticised for continuing to recruit Australians for scientific studies without publicly disclosing the cyber attack.
The institute contacted the affected participants by email and assured them that no genetic data or other sensitive information had been accessed by the hackers.
The study set out to investigate how skin cancers and melanomas developed, with survey participants asked extensive questions about their medical history, feelings of anxiety and depression, and whether they had been through a recent divorce.
Participants were also asked to grant access to their Medicare records and Pharmaceutical Benefits Scheme, which provide access to a person’s prescription medication history. Those participating were assured their data would be “treated completely confidentially”.
However, participants have expressed concern about the data breach, with one survey respondent saying that it had made him “a little bit crazy”.
Datatime, the technology company that was hired to scan and process surveys for the QSKIN study, was planning to permanently delete the sensitive material after 12 months.
However, the company was hacked before it could do so. QIMR Berghofer would not say whether it had been subject to any other unpublicised data breaches or why it had not publicly disclosed this one.
Datatime claimed that the cyber experts “do not believe any further data was breached”, including the QSKIN data survey.
However, a professor and principal investigator for the study said in an email seen by the ABC that he couldn’t confirm whether or not the cyber-criminals had accessed the survey data.