Legislative Council: Tuesday, July 24, 2018

Cybersecurity

In reply to the Hon. J.E. HANSON (7 June 2018).

The Hon. S.G. WADE (Minister for Health and Wellbeing): I have been advised:

In relation to the possible data breach in the PageUp recruitment system, SA Health is satisfied that the incident has been contained and is being independently investigated.

The PageUp company has engaged multiple independent security vendors to assist in understanding the scope, impact and consequence of the incident. They have also engaged the Australian Cyber Security Centre (ACSC) and the Australian Federal Police. PageUp has also notified the Office of the Australian Information Commissioner (OAIC). In a joint statement from OAIC, ACSC and IDCare, it was stated that no Australian information may actually have been stolen.

While the investigation is ongoing, there is currently no evidence that any SA Health job applicants have had their data breached. As part of the communication strategy for incident handling, a notice has been placed on SA Health's career website keeping employees and applicants informed of developments with the PageUp incident. If needed, these notices can serve as supporting documentation if a person wishes to apply for a commonwealth victims' certificate. Response to the incident has been centrally coordinated by CERT Australia, which is the Australian Government's national Computer Emergency Response Team (CERT).

As part of its own response to the potential breach, SA Health is engaging with CERT Australia. Along with the SA government's chief information security officer, SA Health is regularly briefed by the Joint Cyber Security Centre under CERT Australia and PageUp.