Sensitive patient records are at risk of being compromised in some of Australia’s biggest public hospitals because of weak passwords and staff complacency, an audit has found.

The Victorian Auditor-General has warned that weaknesses in data security practices at the state’s public health services have made them vulnerable to attacks that could steal or alter patient data.