Wednesday, January 23, 2019
Do You Understand Just Why There Is Sudden Concern With The Chinese Having Access To Our Health Data?
Two articles I have spotted this week have raised concerns:
By Clive Hamilton
13 Jan 2019 — 11:00 PM
Chinese companies are required by law to obey directives from Beijing's intelligence agencies. So why would our regulators permit a giant Australian healthcare provider that is privy to highly sensitive records on hundreds of thousands of Australians to be acquired by a Chinese company?
The Jangho Group, a Shanghai-based building supplies company, wants to take over Healius, an Australian company that operates 2400 pathology centres and 70 medical centres, and partners with about 1500 GPs and other health specialists.
Security agencies around the world have noticed an alarming spike of cyberattacks aimed at health records, with state-based actors in China the leading suspects. Last July, it was reported that 1.5 million medical records were stolen in Singapore in a cyberattack experts believe came from state-based hackers in China.
Prime Minister Lee Hsien Loong's medications were specially targeted by the hackers, leading him to write: "Perhaps they were hunting for … something to embarrass me."
The Singapore data theft followed a massive hack in 2014 that sucked up the personnel records of millions of Americans, and the theft of 4.5 million health records from a Tennessee-based hospital chain in the same year. Experts attributed them to state-backed hackers in China.
In the same year, the medical records of an unspecified number of Australian soldiers, including special forces operating overseas, were sent to China by a health contractor that also has facilities in Guangdong.
The specific risk of giving Chinese companies direct access to Australian medical records is that China's intelligence services could access those records for information on current or future political, military and public service leaders in order to blackmail them.
Some may have psychiatric conditions or be on mental health plans. They may have sexually transmitted diseases. Data on medications would be enough. Publication of such sensitive information could wreck careers and make those who have been compromised open to coercion.
By Angus Grigg
14 Jan 2019 — 11:00 PM
A Chinese takeover bid for Australia's largest network of medical centres and pathology clinics is set to be closely scrutinised by the Foreign Investment Review Board, after its head singled out the protection of healthcare data as a key area of concern.
The chairman of FIRB, David Irvine, said in May last year the government had an obligation to protect the personal data of Australians by regulating who had access to it and how it was stored.
"That obligation becomes relevant for FIRB as a result of growing foreign investor interest in data-sensitive assets such as healthcare services and data centres," Mr Irvine told an investor forum in Sydney.
FIRB chair David Irvine has highlighted the protection of health data as a key concern. Louise Kennerley
His comments suggest any takeover bid by China's Jangho Group for Healius (previously known as Primary Health Care) would either be blocked by FIRB or subject to strict conditions.
Jangho lobbed a $2 billion bid for Healius on January 3, an offer rejected by the company's board, but the parties have agreed to keep talking and a higher offer is expected to be tabled shortly.
Healius' ownership of 2400 pathology clinics and 70 medical centres and the health records which accompany these has emerged as a complicating factor in any takeover, due China's history of seeking large foreign data sets.
The issue was highlighted in The Australian Financial Review on Monday by academic Clive Hamilton, who noted China's growing interest in local healthcare companies and that Beijing had been linked to an increasing number of cyber attacks focused on medical records.
Tom Uren, a visiting fellow at the Australian Strategic Policy Institute, said not only would Healius have the health records of politicians and senior public servants, but it would also be able to provide a general picture on the overall health of the Australian population.
"They would have data on lots on interesting people," Mr Uren said.
Academic Clive Hamilton noted China's growing interest in local healthcare companies and that Beijing had been linked to an increasing number of cyber attacks focused on medical records. Rohan Thomson
"There is a national security element to health records which is starting to be recognised."
For all the commentary I am not sure just what use a dump of all the Helius health records, or others, would actually be. Maybe someone can explain to us all just what nefarious use the Chinese are planning for the data and if they are interested in the myHR? Or is it just anti-Chinese paranoia? I don't know!
Posted by Dr David G More MB PhD at Wednesday, January 23, 2019