In February 2018, amendments to the Privacy Act 1988 (Cth), came into force introducing the mandatory reporting obligations for eligible data breaches. The mandatory reporting obligations are applicable to healthcare providers, which includes dental and medical practices and clinics.

Cyber-attacks, and resultant data breaches, are an ever growing issue in the health sector due to the valuable nature of patient, staff, business and third party information.

Early detection, assessment and appropriate management, including notification to the Office of the Australian Information Commissioner and affected parties, of the cyber-attack and data breach is vital in responding to the data breach and obtaining the best outcome possible.