🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Healthcare
Advertising
Your brand, in front of the right people
Run-of-site leaderboard — every ad-supported page across the register.
Enquire → breach@govern.co.nz

Ambulance Tasmania

🇦🇺 Tasmania · Ambulance Tasmania (Tasmanian Department of Health) · Record AU-2020-0210
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2020-11
Regulator
Referred to Tasmania Police; Tasmanian Department of Health investigation
Trust tier
B · Reported

Data exposed

Patient names, incident locations, age, gender and the medical condition or nature of the callout — including, in at least one case, HIV status Media-reported

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In January 2021 it was reported that personal details of Tasmanians who had called an ambulance were being captured from Ambulance Tasmania’s paging (pager) network and published on a website in near real time [at-examiner], [at-upguard]. The exposed information reportedly included patient names, the location of the incident, age, gender and the medical condition or nature of the callout, and in at least one case a patient’s HIV status [at-examiner]. The data flowed from unencrypted paging transmissions that a third party intercepted, decoded and posted online [at-upguard].

Timeline

  • 2020-11 — Data reportedly began appearing on the offending website from around November 2020 [at-upguard].
  • 2021-01 — The breach was publicly reported and referred to Tasmania Police [at-examiner].

Current status

Disclosed and investigated. The matter was referred to Tasmania Police and the Tasmanian Department of Health, the offending website was blocked, and steps were taken to stop personal information being sent over the paging network [at-examiner], [at-upguard]. Reporting described the exposure as covering everyone who had called an ambulance since late 2020, but no official count of affected individuals was published, so no figure is asserted here.

Why it matters

Emergency-dispatch data is among the most sensitive personal information a health service holds — it reveals where someone was, when, and why they needed help. Sending it over an unencrypted paging network left it open to anyone able to receive those signals.

GGOVERN Tabletop Exercises · Govern house When ransomware hits the ward, will your team know the call? Book a Discovery Call →