Sunday, July 09, 2017
A Security Expert Points Out Some Holes In The myHR Defences. Should We Be Concerned?
This appeared a few days ago.
Sue Dunlevy, National Health Reporter, News Corp Australia Network
July 3, 2017 10:00pm
THE health records of every single Australian, including the Prime Minister, will be vulnerable to a hacking attack from next year, an IT expert has warned.
The private health information of every Australian will be put into a centralised data base when the government automatically creates a digital My Health Record for everyone in 2018 unless they opt out.
The record will reveal whether people have had an abortion, a sexually transmitted disease, a mental illness and other potentially sensitive health information.
Paul Power, who heads Power Associates, a company that has been doing IT consultant work for medical practices for 17 years, says the system is extremely vulnerable to hacking because it centralises information and has so many access points in hospitals and doctors’ surgeries.
“A centralised eHealth database accessible over the internet to over 100,000 legitimate access points, each of which has access to the entire database, is fundamentally indefensible,” Mr Power says about the My Health Record.
Concerns about the vulnerability of health records comes just weeks after Britain’s National Health Service was bought to its knees by the Wannacry ransomware virus.
Mr Power is urging the government to follow Germany and put My Health record on a memory chip in a patient’s Medicare card.
Under this system only one person at a time could be hacked and every time a health practitioner uses the card it would bring the record up to date and keep a copy.
Mr Power fears our centralised system could allow hostile governments to access sensitive health information on key businessmen, military chiefs or politicians in an effort to compromise them.
And he’s written to Health Minister Greg Hunt multiple times to warn him of the danger.
The Department of Health last year released 30 years’ worth of Medicare data to researchers in such a sloppy way it was possible to decode and identify the names of doctors and possibly patients.
It took computing researchers at Melbourne University just three days to reveal the six digit number that identified the doctors linked to the records.
Lots more worrying stuff here:
There was also TV coverage:
Published: 03 July 2017
Yet, your entire medical history will soon be at risk of being made pubic for the entire world to see, at the mercy of cyber hackers who may feel like causing mischief, according to warnings from an information technology expert.
From next year, The private health information of every Australian will be held on a centralised database when the Federal Government launches ‘My Health Records’, unless you consciously choose to ‘opt out’.
This sensitive information can be extremely damaging, ranging from sexual health information, mental illnesses, any details of abortions, and other private medical data we do not want people knowing.
I have to say it is hard to disagree with Mr Power. Securing a system which has so many users from all over the country, which is providing such a large database of personal information, is hardly something you can be confident is going to be achievable 100% of the time!
It seems to me, with the planned ‘replatforming’ of the myHR – if it is not scrapped, then a much more distributed model is required. There are many ways to skin this cat – if you must – that would be much more secure and much more privacy protective.
What would be your ideal approach to meeting the known use-cases for the myHR?
Posted by Dr David G More MB PhD at Sunday, July 09, 2017