‘A much more serious breach than Optus’: how hack affecting NDIS participants went under the radar

Sensitive medical information about NDIS participants and aged home care residents was hacked in May but little action was taken.

(Image: Zennie/Private Media)

The government will announce a wave of security measures this week after the cyberattack that exposed the personal information of millions of Optus customers.

Government action for Optus customers was swift, but there’s been no justice for National Disability Insurance Scheme (NDIS) participants, nor aged care home residents and their carers. In May, data from CTARS — a cloud-based client management system for NDIS and out-of-home care services — was hacked, with data samples posted on the deep web. 

The information is highly sensitive, including health records such as diagnoses; treatment and recovery of medical conditions; and Medicare, pensioner card and tax file numbers. The data could also include information about mental health, suicide iteration, incontinence and how a disability is progressing. 

To keep reading, join us as a member. You can join us through our 50% off sale. Your support makes our independent journalism possible.

JOIN US