The National Health Practitioner Ombudsman and Privacy Commissioner’s website was unavailable for several hours on Tuesday evening, leading to concerns of a serious data breach and embarrassment for the government as it attempts to quell privacy concerns over its new digital health record system.
A “misconfiguration” of the web server hosting the site led to the homepage displaying an index of all the files hosted on it, including what appeared to be a number of databases, back-ups and log-in credentials.
Alastair MacGibbon, head of the Australian Cyber Security Centre, said late on Tuesday evening that his immediate understanding was that “the website has not been hacked – it was being updated and obviously they didn’t check it”, resulting in the error.
“No personal details of Australians have been exposed,” he said.
Asked what was exposed, Mr MacGibbon said the log-in details of the website’s administrators were visible, but “they can be changed”.
“It’s not a data breach, it’s not a hack, it’s a misconfiguration of a website. It’s certainly not a major security issue,” he said.
However, Mr MacGibbon conceded it wasn’t a good look for the site of a Privacy Commissioner, especially amid current debate over the security of personal information held under My Health Record, the federal government’s new digital health record that all citizens will receive unless they opt out by October 15.
“The irony isn’t lost on me but the significance is being overplayed” by people online, he said.
My Health Record data is managed by the Australian Information Commissioner, not the National Health Practitioner Ombudsman and Privacy Commissioner.
“It’s never great if a website is misconfigured, but this is not a website that should have much more information of that nature on it,” Mr MacGibbon said.
The website appeared to be back to running as normal at around 10pm on Tuesday.
Fairfax Media contacted the National Health Practitioner Ombudsman and Privacy Commissioner but did not receive a response in time for publication.