HealthEngine notifies users of data breach

Health service booking platform HealthEngine says it has notified the Office of the Australian Information Commissioner of a data breach affecting some of its registered users.

The breach relates to the company’s ‘Practice Recognition System’: A user review system for medical practices.

Earlier this month Fairfax Media revealed that HealthEngine had been selectively publishing positive excerpts from reviews left by the service’s users mdash; including only positive feedback. Fairfax revealed that the full, unexpurgated feedback was visible in the source code of HealthEngine’s pages for medical practices.

Some 75 of the full PRS entries contained identifying information, HealthEngine revealed. The company said it had notified the individuals who left the reviews.

After the Fairfax report, HealthEngine said it would change how it managed the PRS feedback system.

Today it said it would temporarily pull the system from the site.

“We have removed all published patient feedback from our site while we review the HealthEngine Practice Recognition System, to ensure that hidden feedback information can no longer be accessed in this way,” the company’s CEO and founder, Dr Marcus Tan, said in a statement.

“Due to an error in the way the HealthEngine website operated, hidden patient feedback information within the code of the webpage was improperly accessed,” Tan said. “This information is ordinarily not visible to users of the site.”

“We take data security very seriously, and acted swiftly and decisively when we became aware of the breach, to identify the error and shut down the published patient feedback function of the Patient Recognition System on the website,” the statement said.

The PRS is not the only source of controversy HealthEngine is dealing with.

The company has been under fire for passing the details of some of its registered users on to compensation lawyers.

In the wake of criticism from privacy advocates and the Australian Medical Association, HealthEngine said it would “make substantial changes to its business model around advertising and referrals”.

Copyright © 2018 IDG Communications, Inc.

How to supercharge Slack with ‘action’ apps
Shop Tech Products at Amazon