Friday, August 17, 2018

There Are Very Good Reasons To Be Very Careful With Your Health Information.

This appeared late last week:

SA Health staff caught spying on patient records and 7000 children’s pathology results exposed online

Lynne Minion | 08 Aug 2018
An SA Health worker has been sacked for accessing patient health records without authorisation, bringing the total to 13 since February, as the state government continues its crack down on the unethical conduct.
SA Health has released new figures as part of a privacy breach update that confirmed another employee received a final warning for snooping on medical records.
According to the Adelaide Advertiser, 26 employees have been disciplined in 2018.
Earlier this year 21 staff were caught spying on confidential patient information, including 13 who accessed the records of alleged murderer Cy Walsh following the death of his father Phil Walsh, who was the celebrated coach of the Adelaide Crows AFL team.
At least nine patients were reported to have had their medical records inappropriately accessed by health staff, with SA Health vowing in February to report quarterly on the questionable practice.
The news has come at a time of heightened awareness about data privacy in Australia as the Federal Government’s My Health Record opt out debate continues.
It also follows SA Health’s confirmation of a privacy breach that saw the pathology results of thousands of children exposed online for 13 years.
According to a statement by SA Health, the children’s test results were uploaded to the website of the Women’s and Children’s Hospital in 2005 embedded in an academic presentation on childhood infections.
More here:
A little earler this appeared:
  • Updated Aug 6 2018 at 11:00 AM

Security fears are still too high, so I'm opting out of My Health Record

by Carlo Minassian
I've opted out of My Health Record and I'd urge anyone concerned about their privacy and security to do the same.
While the recent move to enshrine in legislation the need for a court order before releasing records to police or government agencies is positive for privacy, criminals don't care for court orders. To put it simply, not opting out of My Health Record before the October 15 deadline will expose your private health data to being hacked or compromised.
While ample assurances have been given by Health Minister Greg Hunt, much of these are based on claims of apparently infallible, "military-grade security" protecting our data.
My Health Record's biggest benefit is the greater accessibility it offers to Australians and their health care professionals. Ironically, it is this greater accessibility that makes the system so vulnerable.
Basically, it boils down to the fact that the more endpoints you have – the larger the attack surface – within a network, the more vulnerable it is and the harder it is to protect.

900,000 weak links

According to reports, 900,000 medical practitioners will have access to My Health Record data. That's almost a million places for hackers to probe.
Sure, the central database will have robust security mechanisms, highly-trained security analysts and, hopefully, well-trained employees who know how to spot a phishing email, but will a GP in Gundagai or a pharmacist in Fremantle have the same security posture?
Health professionals are great at what they do, but security isn't their specialisation.
The far-flung nature of this network could open the floodgates because we already know medical data is highly valued in the darkest corners of the internet.
Consider the Office of the Australian Information Commissioner's (OAIC) recently released first quarter results for the Notifiable Data Breaches Scheme – health service providers reported the highest number of breaches with 49 between April and June. Of these, more than half were attributed to human error.
While none of these were related to the My Health Record system, the figures highlight the premium hackers place on personal medical data – if they want it, they'll find a way to get it. And with so many weak links in the My Health Record chain, it will only be a matter of time.

Medical records prized

I cannot stress enough how sought-after medical records are.
Just last month, 1.5 million Singaporeans had their public health records stolen in what is being described as a sophisticated attack.
Apparently, the well-planned campaign targeted the health records of Prime Minister Lee Hsien Loong, but attackers managed to scoop up the details of almost a quarter of Singapore's residents in the process.
These advanced attacks are incredibly expensive and difficult to carry out. Generally, sophisticated campaigns of this nature are only done if the government backing the hacking group sees value in the information.
While it would take an advanced adversary to directly attack the My Health Record central database, anyone with a passing interest in hacking could target Australia's smaller health providers.
More here pointing out how valuable health information is:
Interestingly a similar point is made here:

Former Pentagon cyber chief says hackers will exploit My Health Record flaws

 Here is the link:

https://www.afr.com/technology/former-pentagon-cyber-chief-says-hackers-will-exploit-my-health-record-flaws-20180805-h13lb5
 
The meaning of all this is pretty clear. Whether through malice, incompetence or accident your health data is under attack.
It is up to you how you respond!
David.

No comments:

Post a Comment