Dire legal issue looming over Optus

A legal expert has outlined why Optus could face more legal woes after a nationwide outage crippled everything from phones to critical healthcare infrastructure.

Optus could face multimillion-dollar legal consequences in the wake of its disastrous network outage after health services across the nation were disrupted.

The beleaguered telco has endured a bruising few weeks after senior bosses fronted a senate inquiry in addition to class action proceedings being lodged in the Federal Court following a massive data breach in September last year.

Last week’s outage crippled millions of customers, who were left without mobile phone or internet reception for hours.

Optus revealed changes to ‘routing information’ caused the nationwide outage last Wednesday. Picture: NCA NewsWire / David Mariuz

Thousands of businesses were also impacted – some losing thousands of dollars when payment systems reliant on Optus connections crashed.

It even affected Victoria’s rail system, with Metro Trains revealing the outage prevented the control centre from communicating with trains.

Legal expert Samantha Pillay said the outage had not only left healthcare providers exposed to legal action but Optus open to the ramifications of providers looking to recover any losses.

“Healthcare providers have reported that telehealth appointments were cancelled, on-call obstetricians and anaesthetists couldn’t be reached and triple-0 emergency call services were unavailable from landlines,” Ms Pillay, insurance and health principal at law firm Barry Nilsson, said.

Barber Arjang Namvaran was affected by the Optus outage at his Brighton barber store. Picture: NCA NewsWire / David Geraghty

“The impacts of these types of events could be far greater in the future as the delivery of healthcare increasingly moves online to make it more accessible to rural and regional communities.”

Ramsay Health Care reported phone services across the country were brought down during the national outage.

In South Australia, the Department of Health said hospital switchboards had been impacted.

Other hospitals in Melbourne – including Northern Hospital Epping, Broadmeadows Hospital, Bundoora Centre, Craigieburn Centre, Kilmore District Hospital, and Victorian Virtual Emergency Department (VVED) – also had their phone lines impacted.

Ms Pillay said new technologies in the health sector allowed doctors to monitor the vital signs of patients and track important factors like blood pressure and glucose.

They would be automatically alerted when a patient’s condition deteriorates.

Samantha Pillay, Barry Nilsson Insurance & Health Principal. Picture: Supplied
Barry Nilsson insurance and health principal Samantha Pillay says the outage could have legal ramifications for Optus after critical health services were impacted. Picture: Supplied
Ms Pillay said healthcare providers could take action to recover losses suffered by their businesses but also could face claims from patients harmed as a result of Optus’ outage. Picture: NCA NewsWire / Sarah Matray

Ms Pillay said a failure of these technologies from network outages, such as Optus’, could lead to “serious or even catastrophic harm” for patients, especially in regional or rural communities.

“Healthcare providers, on the one hand, may take action to recover losses suffered by their business,” she said.

“On the other hand, they may face claims by patients who suffered harm as a result of the event.

“Even with a federal government inquiry and Australian Communications and Media Authority (ACMA) investigation into the Optus outage, this type of black swan event will likely continue to occur as new technologies evolve and our reliance on them intensifies.

“In the not-to-distant future telesurgery, aided by next generation 5G, could become a reality in Australia.

“But what happens when a surgeon thousands of kilometres away, possibly in another country, is taken out of a remote real-time surgery by a telecommunications outage.”

Optus’ outage adds to a growing list of headaches, including a senate inquiry, reviews by the communications regulator and a class action following the September 2022 data breach. Picture: NCA NewsWire / Andrew Henshaw

On Monday, Optus revealed the nationwide outage was caused by changes to “routing information” following a software upgrade at the telco.

Some 10.2 million customers had no internet or mobile access last Wednesday for about 13.5 hours.

Services went down about 4.05am and weren’t fully restored until 5.35pm.

In a statement, Optus said their network “received changes to routing information from an international peering network following a routine software upgrade”.

“These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these,” their statement said.

“This resulted in those routers disconnecting from the Optus IP Core network to protect themselves.”

Optus said the restoration required reconnecting or rebooting the routers physically across a number of locations all over Australia.

“This is why restoration was progressive over the afternoon,” their statement said.

Optus has since apologised to customers, offering eligible postpaid customers 200GB of extra data as a compensatory offer.

Unhappy customers leave the Optus shop on George St in the Sydney CBD during the nationwide outage. Picture: NCA NewsWire / Gaye Gerard

The telco’s bruising week has only worsened, with the chaotic outage referred to a senate inquiry chaired by Greens communications spokeswoman Sarah Hanson-Young.

Optus vice president of regulatory and public affairs Andrew Sheridan said the company would co-operate with any proposed reviews by Australia’s federal communications department and the ACMA into the network outage.

“As a critical infrastructure provider, we understand how important it is to ensure continuity of service and any lessons learnt are likely to be helpful for both Optus and others in our industry,” he said in a statement.

The Australian Business Network reports Optus could be forced to pay up to $400m in compensation if it enters an agreement with the regulator.

In addition, thousands of customers have joined a class-action lawsuit against the telco after their personal information was hacked in 2022.

Up to nine million Aussies were stung in the data breach, which exposed their names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as a driver’s licence or passport number.

A hacker believed to be behind the attack demanded a $1.5m ransom on a forum for the data’s return.

But bizarrely, the post was taken down and the author apologised for his actions.

Slater and Gordon’s class action suit alleges Optus failed to “protect, or take reasonable steps to protect, the personal information of its current and former customers”.

“The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen, and Optus should have had adequate measures in place to prevent that,” class actions practice group leader Ben Hardwick said.

“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.”

An Optus spokeswoman said: “As matters are currently before the courts we won’t be commenting at this time.”