12 September 2011

Medvet Breach

The Adelaide Advertiser reports that -
Faulty software has been blamed for a glitch which published the private details of about 800 clients of a DNA testing company on the internet.

Medvet Laboratories said today the faulty software had been purchased from a reputable international supplier.

Managing director Greg Johansen said that while he was satisfied the cause of the problem had been found and that Medvet was not to blame, there was no excuse for the breach and he repeated an apology to clients.

He said Medvet had stopped using the software, and all necessary steps had been taken to ensure the security of confidential client information.
In a post earlier this year I suggested that the breach per se was of less concern than Medvet's apparent failure to have previously identified potential data breach problems and established protocols allowing for a quick, effective response. Medvet had previously boasted in its site and promotional literature about the security of confidential client information. Liability in relation to third-party software remains an interesting issue, as is compliance with standards.

Medvet for example announced last year that -
we were assessed by the National Association of Testing Authorities (NATA) for the oral fluid drug testing Australian Standard AS 4760:2006. On March 11 2010, Medvet Laboratories was awarded full compliance with Section 2 of AS 4760:2006. This includes: collection, storage, handling and dispatch of oral fluid samples to the laboratory.

This means you can be assured that when your staff provide an oral fluid sample to an authorised Medvet Laboratories collector, their privacy, confidentiality, and the chain of custody of the sample are maintained to the nationally prescribed standard.

The accreditation shows Medvet Laboratories continues to be at the forefront of drug testing in Australia. Medvet Laboratories is the most highly accredited drug testing company in the country, boasting full AS/NZS 4308:2008 urine accreditation and Section 2 AS 4760:2006 oral fluid accreditation.
Time to up the standards?

The Advertiser article continues -
Financial services and risk management group Deloitte had investigated the security breach in July this year.
The results of that investigation have not been released. The results of an investigation by the South Australian government, Medvet's owner, have also not been released. It is unclear whether the problems will erode the price sought by the government in the foreshasdowed sale of Medvet Laboratories, highlighted in the 2010/2011 SA Budget with expected sale in 2012-13 (in line with internal valuation of $15m) raising funds for "front-line health services".