Legislative Council Fifty-Fourth Parliament, First Session (54-1) 54 1 Parliament of South Australia Legislative Council published Question Time Cybersecurity Cybersecurity The Hon. T.J. STEPHENS Legislative Council Cybersecurity The Hon. T.J. STEPHENS (14:33): I seek leave to make a brief explanation before asking the Minister for Health and Wellbeing a question in relation to cybersecurity. Leave granted. The Hon. T.J. STEPHENS Legislative Council The Hon. T.J. STEPHENS: Yesterday, in a question to the minister, the important issue of research and technology in medicine was raised. As members would be aware, technology brings both benefits and risks. My question to the minister is: will he update the council on cybersecurity regarding South Australian Health? The Hon. S.G. WADE Legislative Council Minister for Health and Wellbeing The Hon. S.G. WADE (Minister for Health and Wellbeing) (14:33): I thank the honourable member for his question. Members of the council will be aware of a possible data security breach reported by human resource company PageUp, which has received extensive media coverage. PageUp is a major external provider of software to banks, telecommunications companies and government departments. SA Health is one such government department. The potential security breach at PageUp impacts the online system for SA Health recruitment processes. SA Health is in the process of suspending its PageUp service. While this system potentially has been compromised, at this stage SA Health has not been made aware that any data held within its PageUp systems has been breached. I understand that PageUp has initiated a forensic investigation, with assistance from an independent third party, and notified international law enforcement agencies. PageUp has advised that the source of the breach was a malware infection and that this malware has now been eradicated, and that it had improved its cybersecurity controls so that this malware could now be identified in the future. As PageUp was used only for recruitment, there is no risk to patient records or any breach of privacy for the thousands of South Australians who receive treatment from SA Health agencies. SA Health staff have been advised of this issue via a bulletin this morning, and the actions they need to take to secure the information. I assure the council that SA Health executives are actively monitoring the development of this issue.