Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Thursday, August 02, 2018

It Is Important To Note That, While Being Late, The Mainstream Press Now Says The myHR Has Been Multiply Breached!

So much for "Military Grade" security.
There are reports here:

REVEALED: Controversial My Health Record system with 'military-grade security' has ALREADY been hacked nine times

  • The controversial My Health Record system has already been hacked nine times 
  • Health Minister Greg Hunt claimed the system boasted military-grade security 
  • Revelation comes amid huge concerns regarding the My Health Record system
  • Concerns over the system's privacy prompted 20,000 to opt out on the first day
The controversial My Health Record system has already been hacked nine times.
Health Minister Greg Hunt claimed the system boasted military-grade security, saying this week, 'the advice that I have, no data breaches'. 
But contrary to Mr Hunt's claims, the Australian Digital Health Agency, which runs the system, admitted to nine breaches since the network was established.
More here:
and here:

Data breaches linked to My Health Record kept secret

by Sue Dunlevy
2nd Aug 2018 3:28 AM
A NEWS Corp investigation can reveal there has already been nine data breaches involving the Federal Government's My Health Record system.
The revelation comes as Health Minister Greg Hunt bowed to mounting public pressure and strengthened privacy provisions relating to accessing the record.
Mr Hunt also announced there would be changes to the deletion of records and also extended the opt-out period after meeting with doctors from the Australian Medical Association and College of General Practitioners on Tuesday night.
The opt-out period will be extend for a month until November 12.
News Corp can also reveal Australians who want to opt out of the My Health Record using a paper form can't unless they live in a rural area.
A survey of 471 doctors by industry magazine Australian Doctor has found eight in 10 doctors plan to opt out of the record because they do not trust it will be useful or kept up to date.
The results come amid News Corp findings that claims there has never been a data breach of the My Health Record are not true.
Health Minister Greg Hunt has been claiming the record has military grade security and said: "the advice that I have, no data breaches and no releases to any law enforcement agencies after six years."
However, in its own question and answer publication sent to doctors, the Australian Digital Health Agency, which runs the record, admits there have been nine data breaches associated with the record.
"In the 2016-17 financial year, there were six data breach notifications within My Health Record, and three notifications in the previous financial year," the agency admitted.
"Of the six data breaches reported by the Agency, four were the result of alleged fraudulent Medicare claims," the agency said.
"The remaining two breaches were the result of a consumer accessing a My Health Record that was not their own due to a processing error by the Department of Human Services."
There were no financial or jail penalties applied as a result of the breaches even though the agency says there are penalties of up to $126,000 or a two-year jail terms.
More here:
I blogged about this months ago – heck they are slow on the uptake!
David.

38 comments:

Anonymous said...

Perhaps the Minister should ask Wikileaks about ‘military Grade Security’

In a more serious note this is starting to creep into the realm of dishonesty, when you have to lie to your minister and the people then you probably should step down. Our government needs no assistance in looking like a rabbit stuck in the headlights.

Bernard Robertson-Dunn said...

the government has a habit of confuisng security with privacy

They are not the only one. The ABC interviewed me recently and wanted to talk about security breaches, data breaches and privacy breaches. I'm not sure they understood the differences.

There is a rumour running around that the ADHA is trying to get an IT security company (they've tried several) to write an opinion piece that explains why the "strong security protections" in myhr ensure privacy.

Forget the 900 insecure end-points, they ignore them.

It's like applying the 80:20 rule to the water tightness of a submarine hull. There are some things that have to be 100%; anything less is useless.

Anonymous said...

An interesting ask from a risk adverse sector, still I am sure one of the big four will accomodate.

Anonymous said...

Why would they be seeking a cyber security firm to write a nice review? Surely the ASD has certified this system as meeting the cyber security requirements for Government infrastructure? The ADHA must have been assessed and certified to at least a high level. They are not playing with specifications like their predecessor. They are now a national operator, been there for two year.

Bernard Robertson-Dunn said...

"Why would they be seeking a cyber security firm to write a nice review?"

Because they want to counteract the claim that they haven't addressed security and privacy.

All it will do is expose that they doon't know the difference between technology security and information privacy.

Anonymous said...

The money might be better spent explain exactly what is meant by ‘and when you cancel your record will be permanently deleted’

I am yet to see any information coming out to explain these changes the Minister announced.

Anonymous said...

It should be noted that what the minister is stating is not yet law, it is not even register as a proposed bill. In essence the Minister and ADHA are promising an outcome that is non-existent. Much the same as those driveway gangs who demand payment upfront from elderly people with no intention of ever doing the driveway, or at best do such a cowboy job your driveway is washed away in the first summer rains.

If they are true to their word what’s the harm in stopping optout? We want to get things right for the people of Australia don’t we?

I was told at HIC by someone at ADHA that they are seeing lots of people opting in, does raise the question around why the CEO says they cannot determine how many are opting out.

For those interested, passing a bill has a process - https://www.aph.gov.au/bills

Bernard Robertson-Dunn said...

As with many political statements the devil is in the detail:

What legislation? When? Are they confident they can get the changes through the senate? Or will they use regulations?

How much will it cost to change the system? When will this happen?

Will they change the opt-out dates?

And when it comes to "deleting a patient's record" does that include back-ups?

How about they delete documents in a current myhr that have been replaced by updated ones.

When and where is the improved communications? Will they be open and transparent about all the costs and risks?

How will they ensure that all sectors of the community are informed?

Anonymous said...

All very sensible and reasonable questions Bernard, perhaps COAG could provide some leadership and answer these

Bernard Robertson-Dunn said...

Further to the question of deleting myhr records, here's an overview

My Health Record: Deleting personal information from databases is harder than it sounds

https://theconversation.com/my-health-record-deleting-personal-information-from-databases-is-harder-than-it-sounds-100962

Perhaps someone (Greg Hunt? COAG) could say if they've had a quote from Accenture etc as to how much this delete function would cost.

Considering there was no delete function at all in myhr this is a huge change, especially for backups, which is significantly simpler if there is no delete.

And people wonder why government IT projects keep failing. The most common cause is changing/unclear requirements. Greg has just pulled the rug from under the feet of the IT people.

Accenture must be rubbing their hands with glee. They can charge what they like because the government has made a blind commitment and must now pay the price, either in $ or at the ballot box.


Anonymous said...

And then there are the other change aspects

Replatforming - the design change will need to reflect delete and destruction

Test beds - each will now need to model in patients records being deleted and patients opting out

Fortunately any interoperability models would have this built in, interoperability is a resilient model, one that accommodates expansion and retraction of participants

Bernard Robertson-Dunn said...

The government must be between a rock and a hard place. Really good interoperability negates the need (from a clinical, not a government data grab perspective) for myhr.

The replatforming wish-list of "solution requirements" includes interoperability but not a delete functionality.

Greg, has put the cat among the pigeons. But that's normal for government IT - and so is failure. There is a connection.

Juanita said...

Very intelligent and sensible analysis Bernard. It synthesizes all the feedback that advocates and others have provided government authorities over the years.

Since before 2008, we were continually advised by government authorities that all of the useful functionality many people proposed to protect privacy and security, including myself, were IMPOSSIBLE to implement due to the way the online national health database had been designed- system architecture was too expensive to consider our advice (and yes, I still have the contemporaneous notes). A series of cascading error with the current iteration of the "opt out" MHR has underlined the points made by privacy and civil rights advocates for more than a decade. Australians are voting on the system with their feet, by actually opting out, questioning the right of governments to monitor citizens in an unfettered way. So now the government can find even more taxpayer funds than the hundreds of millions of dollars spent so far to prop up the failing system. It doesn't need to be this way, as other European national health systems have demonstrated.

Anonymous said...

I'm waiting for the media to realise that even the 'choice' to opt out is not a choice for many people today, and that over time it may decreasingly be a choice for everyone. For example, you are free to opt out today unless you are chronically ill and want to enrol in a healthcare home. In other words, having a myHR is a prerequisite for utilising this public service. If you dont want a record because of a legitimate concern around privacy, then you are not eligible for this kind of healthcare. That strikes me as profoundly discriminatory for those who have legitimate reasons to not have a myHR. What will the future hold? Cant bulk bill if you dont have a myHR? Can attend school is you dont have a vaccine record in myHR? Even opt-out appears to be a sham if that is the way government is thinking of providing health services. What is the governments intention here? Are we creating a world where if you are poor your access to privacy will be different to those who can afford private care? Scary.

Anonymous said...

@ 12:18 PM. That would seems the world order according to Tim Kelsey, he is in public record saying as much

Anonymous said...

"you are free to opt out today unless you are chronically ill and want to enrol in a healthcare home" - please provide a reference

Anonymous said...

Kelsey has in the past vehemently opposed allowing people to opt out — the exact model he is presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect, Kelsey wrote:
People should be allowed to share their personal data with whom they wish, be it a small charity or a giant like Google. But no one who uses a public service should be allowed to opt out of sharing their records.

Nor can people rely on their record being anonymised — at the moment sexual health services can be anonymous, and as a result there are almost no measures of performance in that sector.
Kelsey’s vision was of a vast state apparatus collecting, consolidating and distributing private information to enable an interventionist state.

Those who dismiss this do so at great cost, remover if you turn a blind eye, they say they come for you, you may find no one is left to defend your rights.

Anonymous said...

For August 03, 2018 12:50 PM "you are free to opt out today unless you are chronically ill and want to enrol in a healthcare home" - please provide a reference

Here you go

http://www.health.gov.au/internet/main/publishing.nsf/Content/health-care-homes

See the end of this page which states:

"Can I become a Health Care Home patient?

If you

have a Medicare card
have a My Health Record or are willing to get one
would benefit from the Health Care Home model of care
and are assessed as eligible by a participating Health Care Home

then you could enrol as a patient."

Trevor3130 said...

Norman Swan:

There's been two or three weeks of concern and angst about the My Health medical record. Nothing has changed in what used to be called the personally controlled health record, PCHR. You still control what goes into it, and the legislation is the same as six years ago when introduced. Until now you've had to actively opt in and register for your own record, which is what I did a couple of years ago, and millions of other Australians have done so without the heavens falling in. The change from November is that you'll be in automatically unless you choose to opt out. Critics have appeared from the woodwork, panicking the public, when that's the only change.

So, even though Swan alludes to the delicate matter of public trust he still frames those who have questions about, let alone outright opposition to, the current design of MyHR as being guilty of "panicking the public". May not be long till he deploys the enemies of the people trope. Swan should get off the ABC, 2GB would welcome him.

Anonymous said...

@101 PM, that explains the appearance of DR Steve Hambleton, care homes is his little honey pot.

Anonymous said...

Norma Swan is an Executive Producer for Tonic. Tonic have a large contract to broadcast MyHR across medical practise that subscribe. An effective means to quickly broadcast the changes and implication but is not doing so

Yet another voice that is a conflict of interest, does the ADHA have anyone to roll out they have not paid?

Anonymous said...

"Here you go.." - thanks. Interesting. David, want to keep a registry of services reserved only for the holder of a MyHR somewhere?

Greg Twyford said...

Contrary to Dr Swan's view, it is a case of the chickens finally coming home to roost.

The government's approach to the electronic health record over the past eight years has repeatedly failed to bring the public on side, as numerous promises of advertising campaigns have come to nothing.

Many dissenting health IT experts' opinions have been ignored along the way, and health representatives on consulting groups have resigned in protest.

Saddest of all, this fixation by government has meant the neglect of other more useful areas, such as data interoperability between clinical systems and secure messaging.

Most GP practices still receive specialist reports by fax, which is about to go out the window, as the NBN disconnects the copper telephone network and routes both phone and fax through the Internet.

Are most specialists aware of, or care about, the increased risk of sharing unencrypted patient information this way? How many will default back to snail-mail?

Anonymous said...

Most insurers require that an insured provide authorisation to the insurer to access the insured’s medical records. The authority provided usually permits the insurer access to your medical information at any time. In determining a claim, the insurer will usually obtain the medical records of the insured and cross reference that information with the disclosures made on the application for the policy. If the insurer identifies relevant matters that were not disclosed, it may purport to decline the claim. The insurers sometimes seek to avoid a policy even if the cause of death is ultimately unrelated to the matters that were not disclosed to it.

What happens if you fail to comply with your duty of disclosure?

Typically the consequences of breaching the duty of disclosure are not felt until a claim is made on the policy.

As the legal fraternity is trying to inform people, there are loopholes in ‘authorisation’. But then show me a case when insurance companies are not looking out for the client.

Bernard Robertson-Dunn said...

An observation:

eHR users are health professionals.

My Health Record users are patients/non-patients and health professionals

The stakeholders for My Health Record are many and various, the most numerous being the Australian population.

Who did NEHTA talk to as representing patients/non-patients. Not consumers, ordinary people?

AFAIK ordinary people were ever consulted. Is it any wonder they are jacking up now?

Anonymous said...

To be fair to Nehta the original audience was clinical, NEHTA did undertake broad stakeholder engagement, requirements gather, standards work etc... by 2011 political deadlines and some poor choices took over, after that the sticky tape took over. The purpose was lost and the world moved on. ADHA appear, hope for change lasted briefly, the CEO sacked most people with a clue and we are no where we are, no way of finding our way back. Blaming nehta is like blaming labour, to much water has flowed under the bridge. This is the mess ADHA has created.

Anonymous said...

My husband just showed me an article in SBS - does anyone else find this a little disturbing and rather desperate

Australian parents have been told storing their children's information on the federal government's controversial electronic health system may save their life in an emergency.

The Digital Health Agency behind My Health Record says children are at risk of serious harm if their parents can't remember information such as their allergies and immunisation history, which the system can keep handy.



Using your love for your child and a fear of children dying is probably the lowest form of advertising. Has it really come to this? Less than shuttle threats your child will die if you don’t sign up?

Bernard Robertson-Dunn said...

So, "normal" people were not consulted? For a Personally controlled Health Record? Should not the people controlling the record have been consulted? What are their requirements? Were their requirements gathered?

No, I will not be "fair" to NEHTA.

IMHO, they stuffed it up. Either NEHTA did what they were told without any questioning of their "orders" or they made a mess of it. Neither is acceptable.

Has anyone learned any lessons? Not that I can see. Greg Hunt has reacted by caving in to some demands by the AMA. Have the people been consulted yet? No. So we still don't know what they want or will accept.

Selling a dead fish to a suspicious nation has next to no chance of succeeding.

Andrew McIntyre said...

In my experience, every national eHealth organization from Healthconnect, Nehta 1 & 2 and ??ADHA has started out very arrogant as if the industry is the problem and slowly through failure after failure they have realized how difficult/wicked the problem actually is and have started talking and possibly even listening, but by that stage the axe is about to fall and they are locked into failure assured plans. None have ever acted on the real issues and we have not progressed at all. I have never been sure if they actually believed that basic things like standards compliance were the whole basis of a connected health system or if it was just rhetoric to shut you up. I am still not sure today, and again there is no action despite "promises" and I hear the sound of axes being sharpened again.

The basic issue is that fixing the real problems involves years of non-announce-able work that doesn't cost much. Perhaps the problem is to much money?

Anonymous said...

@7:08 - The use of fear (in this case your child’s safety) is referred to as terror management theory. Terror management holds that when we fear death, we seek to be a part of something larger than ourselves as individuals. And, for better or worse, buying is one of the primary ways we engage with society. The ADHA is blatantly capitalising on this to drive uptake of the MyHR and demonise those who question its utility and safety. This may be in ethically questionable territory. Crudely the ADHA are manipulating the public’s minds, it maybe part of the Nudge efforts they are deploying. It is that thinking about death (you know, that time when we all must part with our loved ones, forever and it this case emoting our darkest fears) only makes us want to "buy now!"

It is not a tactic I would expect from a government organisation. It does expose the mindset pushing the MyHR. It questions their ethics. It certainly erodes any morale ground they may have.

Anonymous said...

There is now a question as to whether the ADHA is falling foul of the Australian Consumer Law. Even before the changes to legislation and the ability to delete permanently records some claims where misleading, the advertising itself presents a record that is far more graphic and dynamic that the product actually is. Now that significant changes have been stated by the minister, is what is being advertise actually within the lax? I believe what consumers are being told through advertisement no longer reflects the actual product and could well be in breach of the consumer law. Why the ACCCc did not act previously is perhaps a sign of our government institutions are loosing independence and can no longer provide checks and balances.

Extract from the ACL

Two fundamental rules of advertising and selling are that:

you must not engage in conduct that is likely to mislead or deceive
you must not make false or misleading claims or statements.

Bernard Robertson-Dunn said...

A reminder of the website disclaimer:

https://www.myhealthrecord.gov.au/disclaimer

"don't trust anything you read on these pages"

Anonymous said...

Thanks Bernard, that same disclaimer is not present on all the paid advertising, leftlets etc... and certainly not mentioned when anyone from ADHA speaks. Still like ‘breach’ they will claim a lack of definition.

Anonymous said...

I think there might be an issue with the MyHR. I just checked my old account to see if there was much in there. Some 40% of my documents are blank??, all the last 6 months it would seem. Anyone know why that would be? Is the data opened and scanned? Seems very odd.

Bernard Robertson-Dunn said...

"I think there might be an issue with the MyHR."

That, sir or madam, is the understatement of the year.

""Doctor-patient privilege dies with My Health Record

http://newsweekly.com.au/article.php?id=58192

Anonymous said...

Again I read the comparison to Facebook and banking as a reason to embrace ADHA and its record keeping system

Some observations
Facebook has some 20,000 security staff, that is around 1 Cyber Agent per 100,000 subscribers. Somehow I don’t thing ADHA has 250 full time Cyber agents looking out for us.

Facebook is a tech company (marketing is it revenue source), the ADHA is not. Facebook develops and deploys AI and al sorts of next generation cyber tools. ADHA has the ISM and PSPF (published documents), I am sure there are tools in place to monitor and detect and perhaps even counter attack, but these would be COTS, lengthy delays to get current, ADHA current would have been on Facebooks scrape heap for some time.

The CEO of Facebook is a proven visionary, the closest ADHA comes to vision is probably delusions.

Banks - cannot find exact numbers but it is commonly reported financial institutions spend x3 more on cyber security than non-financial organisations. If your accounts are compromised the bank will changed your access details and in many cases reimburse any financial lost. My experience is the know before you do and alert you

The ADHA cannot compensate for loss of identity, the damage to self and reputation when that identity is misused.

The ADHA also needs to compete for cyber/information security expertise. Against Facebook, IBM, banks, gaming and gambling and the assortment of high class specialist security organisations, it cannot be easy. Government is not exactly the most exciting environment (and nor should it be). Even then ADHA must compete with the Cyber security departments within state and federal government.

I am sure those who do work there are dedicated and talented, but can the ADHA retain them? What are their numbers, what is turnover like?

Should ADHA be responsible for the protection of our private health information? Probably not, no more than any communications and marketing Agency.

I wonder how secure the optout database is? Do they care if that gets hacked?

Bernard Robertson-Dunn said...

Don't forget Accenture designed and operate the system. ADHA are probably relying on them for front line protection. They probably have at least some skills in Cyber Security.

Anonymous said...

That is correct Bernard, Accenture has a set of international Cyber Security centres. They would be monitoring and have access to MyHR 24/7.

CZECH REPUBLIC - Prague

INDIA - Bangalore

UNITED STATES - Washington, D.C.

ISRAEL - Tel Aviv

It is not like Accenture make mistakes - https://www.healthcareit.com.au/article/significant-cyber-security-failures-government-contractors-mhr-data-remains-safe no one is 100% infallible.

And it is not as if ADHA would expose data through one of their hundreds of power points or evidence based undisciplined web publishing.