Statement on historic health data incident, no ongoing risk to patients
26 May 2023
Implementing Acacia requires the transfer of patient data from old systems to the new Acacia system.
In 2018 and 2019, as part of the initial design process, example reports, forms and other documents existing within the ageing systems were required. Unfortunately, some of the clinical documents supplied contained identifiable information.
The issue was identified and immediate steps were taken to identify, contain and remove records with identifiable health information exchanged between officers working on Acacia, including two government agencies and one contractor, Intersystems.
NT Health patients are advised:
- All records shared containing identifiable data were located, quarantined and deleted.
- At no time were records stored outside Australia.
- The data share of records was not related to a software security issue or a cyber security compromise – the information has not been accessed by a malicious actor.
- InterSystems contractors work within the Acacia project team and operate within extensive confidentiality and information privacy requirements that are also codified in commercial contracts.
- InterSystems staff working on Acacia operate within Australia.
- NT Health data and systems are protected by NT Government information and communication technology (ICT) controls and stored in Australia.
- Additional controls have been put in place to strengthen data governance of receipt of data to the Acacia project.
There is no ongoing risk to any individual and Territorians can be assured their health data is protected by NT Government ICT controls.
