Question 5 (10 marks)
A hospital experienced a cyber attack, resulting in the unauthorised access of patient and staff data. The data accessed by the malicious individuals included contact information, medical histories and records, as well as financial information including bank account and credit card details.
a. Identify the criteria that would make this an ‘eligible data breach’ under the Privacy Amendment (Notifiable Data Breaches) Act 2017.
2 marks
b. Outline the steps that the hospital’s management must take to ensure compliance with the legislation.
4 marks