Australian Red Cross Blood Service Data Breach Investigation Report

Added on  2023/01/09

AI Summary
This report examines the data breach incident involving the Australian Red Cross Blood Service, where a database file containing the personal information of approximately 550,000 prospective blood donors was inadvertently exposed on a public-facing web server. The report details the background of the incident, the role of the Donate Blood website, and the actions taken following the breach, including the post-incident response and the Commissioner's investigation. It analyzes the relevant provisions of the Privacy Act, particularly APP 6 (Disclosure of personal information) and APP 11.1 and 11.2 (Protection and Retention of personal information), and presents findings regarding the protection and management of personal information by the Blood Service. The report also discusses the changes implemented in information handling practices following the incident and provides a conclusion summarizing the key aspects of the data breach and its implications.
Australian Red Cross Blood Service Leak
Contents
INTRODUCTION
MAIN BODY
CONCLUSION
REFERENCES
INTRODUCTION
This document discusses the Australian Red Cross Blood Service, which mainly allows individuals to book an appointment and then donate blood. It identifies the specific database file that stored information on 50,000 blood donors who took part in different activities.
The database file was inadvertently placed on a web server by a staff member. Some time later, it was discovered that the information had been accessed by an unknown person, which leaked information about the blood donors and created a data breach. The document identifies the root cause of the data breach incident and how personal details can be protected or secured through the Australian Privacy Principles.
MAIN BODY
Background detail of donate blood
The Donate Blood website is considered the best way for an individual to search for information about blood donation and the use of blood. These are considered important questions for the public (Sarich, Canfell and Weber, 2019), so the website relates closely to blood donation. There is an Australian government initiative towards blood donation programs and events (Jones, 2019). Large numbers of people therefore use the website to send a request for an appointment and make a donation. The website should include full information and remain accessible to individuals in the future.
The primary audience of the website is potential donors, along with researchers, career seekers and the media. These users enter personal or sensitive information on the website. There are many reasons to access the website, so it is important for the blood service provider to protect or secure individuals' information.
The data breach incident then occurred in 2016. When a person entered information on the website in order to make an appointment, the data was not properly recorded or the identity destroyed (Sarich, Canfell and Weber, 2019). The Internet service provider (ISP) has more responsibility for managing or controlling people's access to the website. In this way, an unauthorised person can access information and damage the client's sensitive details. Amazon Web Services usually hosts the production environment and provides other facilities such as the live, user-facing option.
The data breach
The database file mainly contained information about the blood donation program or event. On 5 September 2016, an employee created a backup plan to protect the database file on the UAT environment. The current website should include the Donate Blood information and data files (Roxanas, Gendek and Lane, 2019). This allowed an individual to access a portion of the UAT server instead of the file being kept in a secure location.
The data file contained all registration information, covering 550,000 donors who had made an appointment to donate blood. The information was sometimes accessed through the “Australian red blood donate” website. On 25 October 2016, an employee scanning the internet for security vulnerabilities located and accessed the file. The data file had been stored in order to prepare the backup plan (Sarich, Canfell and Weber, 2019).
Generally, the data files contained the personal information of individuals who accessed the website, as well as contact details and details about the eligibility criteria for blood donation.
Post-incident Response
In 2016, an individual identified the vulnerability, along with a cyber security expert who operates a data breach notification site. The security expert diagnosed the data breach incident and then informed the Australian cyber emergency team (AusCERT) (Sarich, Canfell and Weber, 2019). The AusCERT team then took a further step to resolve the data breach problem.
The AusCERT team raised awareness and attempted to contact the blood service provider. Initially, the AusCERT team did not receive a proper response from the Blood Service. The Internet service provider (ISP) was responsible because it was hosting the UAT environment. On 25 Oct 2016, the ISP stopped the service, so the database file was no longer accessible to the public (Roxanas, Gendek and Lane, 2019).
Implement the policies and procedures to protect information
After the investigation was completed, the next step was to implement a mitigation plan to reduce data breaches. The organization will implement Privacy Act requirements that comply with the APPs, which helps it handle personal information in accordance with the Privacy Act (Roxanas, Gendek and Lane, 2019).
Generally, personal data is disclosed for a primary purpose. The legal entity should take responsibility for acting against unauthorised persons (Sarich, Canfell and Weber, 2019) so that the data is protected from activities such as misuse, loss and interference. Moreover, the organization must take care of privacy and also deal with the destruction or de-identification of data (van Dijk, 2019). However, it immediately stopped the unauthorised access in order to prevent further disclosure of data. In 2016, the commission made an announcement about the handling of the Blood Service's details and the protection of personal information.
The data breach incident happened due to human error on the part of a staff member (Roxanas, Gendek and Lane, 2019). There was therefore no direct involvement by the Blood Service; it did not disclose the data file.
CONCLUSION
The above discussion has summarised the Australian Red Cross Blood Service, which mainly provides services to individuals who show interest through its website. The document focused on the specific database file, which contained data on 50,000 blood donors. It also included background details about blood donors such as gender, donor ID, address, suburb for donation, time and date.
The analysis determined that data breach incidents are increasing and that sensitive information needs to be protected or secured. For that reason, appropriate policies and procedures can be implemented to handle complex situations. The Internet service provider stopped the service from being accessible to the public.
REFERENCES
Books and Journals
Jones, M.M., 2019. The American Red Cross “Mercy Ship” in the First World War: A Pivotal Experiment in Nursing-Centered Clinical Humanitarianism. Nursing History Review. 28(1). pp.31-62.
Roxanas, M.G., Gendek, M.A. and Lane, V.E., 2019. Cliveden: The Canadian Red Cross Hospital, William Osler and the ‘Taplow Affair’. Journal of medical biography. 27(4). pp.220-229.
Sarich, P., Canfell, K. and Weber, M., 2019. A prospective study of health conditions related to alcohol consumption cessation among 97,852 drinkers aged 45 and over in Australia. Alcoholism: Clinical and Experimental Research. 43(4). pp.710-721.
van Dijk, B., 2019. “The Great Humanitarian”: The Soviet Union, the International Committee of the Red Cross, and the Geneva Conventions of 1949. Law and History Review. 37(1). pp.209-235.