On Friday, 28 October 2016, the ABC reported the disclosure of private blood donor information held by Australia’s Red Cross Blood Service (ABC 2016). The personal information of about 550,000 blood donors had been exposed, including names, addresses, and details of “at-risk sexual behaviour”. It is believed to be Australia’s largest data breach to date.
Public reports to date, such as Troy Hunt’s, state that the breach was not the result of a hack or any forceful act: a database backup had been left on a publicly accessible web server and was found by a routine scan for exposed files, the kind of scanning that runs against every Internet-facing host constantly (Hunt 2016). Whilst the available indications suggest the data was not widely disseminated, the incident calls into serious question how such a critical service could have had such a lapse in data handling practices.
Anyone technically minded reading the reports would have spotted the poor, or absent, data handling practices. As Hunt states, “most organisations have a raft of different systems, processes, people and partners that handle their data” (Hunt 2016), and in his experience “it’s not unusual to see data pass through many hands. It shouldn’t happen, but it’s extremely common” [Troy Hunt’s emphasis] (Hunt 2016).
To reduce the chances of similar events happening again, rigorous data handling practices are needed. Some of these practices include:
Anonymisation of personal information
Personally identifiable data should be processed only as a last resort, where the task genuinely requires it. The default treatment should be to anonymise personally identifiable information, or at least to pseudonymise it, so that a copy which escapes (an exported backup, a file handed to a partner) cannot be linked back to individuals without a key that stays with the organisation.
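As an added illustration of what that default looks like in practice (this is example code written for this article, not code from the Blood Service or from any of the reports cited), the Python below takes a handful of constructed, fictitious donor records and produces a pseudonymised view: direct identifiers are dropped, the linkage key is replaced by a keyed HMAC-SHA256 token whose secret stays with the data owner, and quasi-identifiers are coarsened. It also shows why “just hash it” is not anonymisation: an unkeyed hash of a date of birth is reversed by enumerating every possible date. The record fields, the choice of e-mail as the linkage key and the key-handling comments are assumptions for the example.

```python
import datetime as dt
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed, fictitious donor records for this example (not data from the breach).
DONORS = [
    {"name": "Alice Example", "email": "Alice@example.com", "dob": "1985-03-02",
     "postcode": "2000", "blood_type": "O+", "deferral": "travel"},
    {"name": "Bob Sample", "email": "bob@example.net", "dob": "1990-11-17",
     "postcode": "3051", "blood_type": "A-", "deferral": "none"},
    {"name": "Alice Example", "email": "alice@example.com", "dob": "1985-03-02",
     "postcode": "2000", "blood_type": "O+", "deferral": "none"},
]


def pseudonym(secret_key: bytes, value: str) -> str:
    """Keyed, one-way token for an identifier (HMAC-SHA256).

    The same donor always maps to the same token, so analysts can still link a
    donor's records, but nobody without secret_key can recompute or enumerate it.
    """
    normalised = value.strip().lower().encode()
    return hmac.new(secret_key, normalised, hashlib.sha256).hexdigest()[:16]


def generalise_postcode(postcode: str) -> str:
    """Coarsen a quasi-identifier: keep only the first two digits."""
    return postcode[:2] + "xx"


def anonymise(records, secret_key: bytes):
    """Drop direct identifiers, tokenise the linkage key, coarsen the rest."""
    out = []
    for r in records:
        out.append({
            "donor_token": pseudonym(secret_key, r["email"]),
            "birth_year": r["dob"][:4],
            "postcode_area": generalise_postcode(r["postcode"]),
            "blood_type": r["blood_type"],
            "deferral": r["deferral"],
        })
    return out


def naive_hash(value: str) -> str:
    """What 'just hash it' looks like: unkeyed SHA-256 of the raw value."""
    return hashlib.sha256(value.encode()).hexdigest()


def candidate_dates(first_year: int, last_year: int):
    """Every ISO date in the range: the entire input domain of a DOB field."""
    day = dt.date(first_year, 1, 1)
    end = dt.date(last_year, 12, 31)
    while day <= end:
        yield day.isoformat()
        day += dt.timedelta(days=1)


def reverse_naive_hash(target: str, candidates) -> Optional[str]:
    """Dictionary attack: recompute the unkeyed hash over every possible input."""
    for c in candidates:
        if naive_hash(c) == target:
            return c
    return None


def repeat_donor_count(anonymised) -> int:
    """Analytic utility survives: tokens still link the same donor's records."""
    seen = {}
    for row in anonymised:
        seen[row["donor_token"]] = seen.get(row["donor_token"], 0) + 1
    return sum(1 for n in seen.values() if n > 1)


if __name__ == "__main__":
    # Assumption for the example: the key lives with the data owner (an HSM or
    # secrets store) and is never written into the export alongside the records.
    key = secrets.token_bytes(32)
    rows = anonymise(DONORS, key)
    print(rows[0])
    print("repeat donors:", repeat_donor_count(rows))
    # An unkeyed hash of a date of birth falls to a dictionary of ~37,000 dates.
    leaked = naive_hash(DONORS[0]["dob"])
    print("recovered DOB:", reverse_naive_hash(leaked, candidate_dates(1920, 2020)))
```

The point of the keyed token is that the export remains useful for counting and linking, but re-identification requires the secret, which is exactly the thing that must not travel with the file when the data passes through the “many hands” Hunt describes.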
Information classification scheme
A simple scheme that classifies data according to its sensitivity and privacy requirements, and attaches handling rules for storage, transfer and retention to each class. An onerous classification scheme becomes unwieldy and is susceptible to misuse.
Access control to private information
This is a simple control that, in contrast to the information classification scheme, classifies the people who may access sensitive and private information, so that each person sees only what their role requires.
Encryption of private information
This is a technical control that provides a safeguard should people-oriented controls be ignored or fail. Engineering bespoke encryption solutions is a discipline demanding thorough knowledge and study, and is not something to attempt in-house. Organisations should adopt encryption solutions based on well-studied standards that let them retain control of private keys and passwords at all times; an encrypted database or backup only protects a stray copy if the key was not exported alongside it.
Incident response plan
Should there be a breach, an incident response plan that has been drafted and approved by senior management is an important tool. It encourages a coordinated response and provides a lens through which energies can be focused. For organisations without dedicated computer security resources, an external computer emergency response team such as AusCERT, which was involved in the Red Cross breach, can provide expert advice and resources.
That such a preventable event could have afflicted both the Red Cross Blood Service and its donors is tragic, not just for the damage to goodwill but for the likely reduction in blood donations in the short to medium term. The Red Cross Blood Service has responded in a transparent and honest manner. They have not sought to shift blame and “take full responsibility for this mistake and apologise unreservedly” (Australian Red Cross Blood Service 2016).
ABC, 2016. Red Cross Blood Service data breach. ABC News. Available at: http://www.abc.net.au/news/2016-10-28/red-cross-blood-service-admits-to-data-breach/7974036.
Australian Red Cross Blood Service, 2016. Blood Service apologises for donor data leak. donateblood.com.au. Available at: http://www.donateblood.com.au/media/news/blood-service-apologises-donor-data-leak.
Hunt, T., 2016. The Red Cross Blood Service: Australia’s largest ever leak of personal data. troyhunt.com. Available at: https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/.