https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2024

The Australian healthcare sector has emerged as the leading source of notifiable data breaches in the second half of 2024, according to the latest report from the Office of the Australian Information Commissioner (OAIC). The biannual Notifiable Data Breaches Report, covering July to December 2024, reveals concerning trends across industries, with human error continuing to play a significant role in data security incidents.

Healthcare providers reported the highest number of breaches during this period, followed closely by the financial services sector. What’s particularly alarming is that nearly half of all reported breaches resulted from avoidable human errors rather than malicious cyber attacks, pointing to ongoing challenges in organisational security awareness and training.

The report identifies phishing attacks as the most common method used by malicious actors to gain unauthorised access to systems. These sophisticated social engineering techniques continue to evolve, making them difficult for employees to detect despite increased cybersecurity awareness efforts across industries.

Contact information remains the most frequently compromised data type, with identity documents and financial details also commonly exposed. The OAIC notes a concerning trend of organisations taking more than 30 days to detect breaches, highlighting deficiencies in monitoring and detection capabilities among Australian businesses.

The Commissioner emphasised that proactive security measures and prompt notification are essential responsibilities under the Privacy Act, urging organisations to strengthen their data protection frameworks as cyber threats continue to evolve in sophistication and frequency.