-----
This weekly blog is to explore the news around the larger issues around Digital Health, data security, data privacy, AI / ML. technology, social media and any related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board were dated 6 December, 2018 and we have seen none since! It’s pretty sad!
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon, and found interesting.
-----
https://www.innovationaus.com/optus-breach-what-next-for-digital-credentials/
Optus breach: What next for digital credentials?
Stephen
Wilson
Contributor
7 October 2022
In the rush to be seen to do something following the Optus data breach, we risk responding the wrong way.
It’s now obvious to everyone that businesses routinely retain too much personal information, and that the true cost of a data breach is far higher than expected. We all see how criminals exploit stolen data, what makes data valuable to them, and what motivates criminal hacking.
But the systemic problem no one is talking about is the way we use identifying information to begin with. If we don’t fix that properly, then the next big breach will be just as devastating.
Why should I be vulnerable just because a thief has my name and a number or two? Why is the onus on me to renew all those numbers? And what stops the new numbers being abused all over again?
The deep problem isn’t actually about identity at all. It’s about the way we use personal data.
Some people think that in an ideal world we’d have one reusable all-purpose identity, so we wouldn’t have to repeat the ID dance every time we open a bank account or register for a government service. Some people imagine that an all-purpose identity would let us log into any internet site.
-----
https://www.innovationaus.com/australia-slides-to-new-low-in-e-government-rankings/
Australia’s e-government rank falls to decade low
Joseph
Brookes
Senior Reporter
30 September 2022
Australia has slipped to seventh in the United Nations global ranking of ‘e-governments’, its worst position in a decade. New Zealand and several Scandinavian countries are now ahead of Australia after being ranked second in the world by the UN just four years ago.
Australia is still among the leading group of e-government nations, and considered the best on human capital, according to the latest biannual UN e-government survey released this week, but is heading in the wrong direction.
In 2014, 2016 and 2018 Australia was second in the world, despite several high-profile technology failures like 2016 census, ATO outages and robodebt.
In 2020 the UN dropped Australia to fifth. Now the nation has slipped to seventh.
-----
https://www1.racgp.org.au/newsgp/racgp/general-practice-crisis-summit-key-outcomes
General Practice Crisis Summit: Key outcomes
High-level solutions were discussed in working groups and summarised into recommendations to inform the RACGP White Paper.
06 Oct 2022
Around 120
GPs and other healthcare representatives attended the RACGP’s General
Practice Crisis Summit at Old Parliament House in Canberra on 5 October, to
pool expertise and establish solutions to the myriad of problems facing general
practice in Australia.
The day’s program included three working group discussions around solutions to
the key issues facing GPs, including funding, workforce and data governance.
Attendees were presented with three questions by subject matter experts to
engage in roundtable working group discussions, which were then summarised and
presented to the room.
Professor Price said that the differing views among each group is ‘what will
make the session so successful’; however, overall, significant themes were
identified across all discussion groups.
‘We have every recommendation proposed today captured, which will all inform
the White Paper … [and] be presented to [the Federal] Government in coming
weeks,’ Professor Price said.
-----
Thursday, 06 October 2022 11:49
AIIA Urges Government to Release Privacy Act Draft Exposure Legislation
The Australian Information Industry Association (AIIA) has called on the Albanese Government to release an exposure draft of proposed changes to the Privacy Act before the end of the year, in the wake of recent high-profile data breaches of personal information.
Noting that the process of updating the Privacy Act has been in train for almost two years, the AIIA - Australia's peak body for innovation technology - has called on the Government to now move to releasing an exposure draft before the end of the year for consultation to ensure citizen data and trust is protected and maintained.
The AIIA says it believes that the Privacy Act is the appropriate legislative vehicle to deal with current data and privacy concerns and can resolve many of the questions the public is rightfully asking around retention of private data and identification documents.
“When major data breaches or personal information becomes public, it is justified to ask whether current laws are adequate, and assessments need to be made around data breaches versus cyber security attacks. The former can and should be dealt with by Privacy Act reforms. The new cyber security reforms for critical infrastructure only passed this year and are still being implemented by industry,” the AIIA notes.
-----
Optus hack shows data breaches are digital asbestos for business
Government must wield a bigger stick to send a market signal about privacy. But we should avoid the compliance-centred reform path that rarely works.
Alastair MacGibbon Former National Cyber Security Advisor and Special Advisor to the Prime Minister on Cyber Security
Oct 6, 2022 – 1.19pm
It has been two weeks since news broke of the Optus data breach, perhaps the largest ever in Australia, hitting nearly 10 million current and former customers of the country’s second-biggest telco.
Whether caused by technical oversight, human error, common criminals – or a “sophisticated attack” as claimed by Optus (and disputed by most) – there is no doubt this has felt like the longest two weeks in the lives of those who are in the thick of it at Optus.
This will be particularly true for their security and IT teams who will have been working in 24/7 shifts to investigate, respond and begin recovering from the incident.
For 9.8 million Australians, there is fear and uncertainty about how exposed they are to scams, identity fraud and other personal harm.
-----
The easy way to prevent a data breach: don’t collect data
John Davidson Columnist
Oct 6, 2022 – 1.31pm
At the Sonoma Bakery in a downtown café strip in Canberra, customers have to hand over not just their payment details to complete orders from their table.
They also have to hand over their email address and phone number.
Regardless of whether they opt into Sonoma’s mailing list, its ordering app – written by the Brisbane-based hospitality software provider Bopple – won’t let them pay for their coffee and baked goods if the email and phone number fields are left blank.
Anna Johnston, a former deputy privacy commissioner for NSW, who now runs the consulting firm Salinger Privacy, says it’s an example of the excessive and oft-times illegal data-gathering that has crept into Australian society since COVID-19 got everyone in the habit of pulling out their phones and checking into government apps whenever they entered an establishment.
-----
What personal data do scammers want from you (and how will they use it)?
John Davidson Columnist
Oct 6, 2022 – 11.35am
What will happen to you if and when your personal information falls into the hands of cybercriminals is difficult to predict and impossible to generalise about.
And that’s for one simple reason.
“We sometimes think that a cybercriminal is this super-sophisticated person who can just do anything with miniscule amounts of information,” says Nick Klein, a former High Tech Crime team leader at the Australian Federal Police, who after a stint at Interpol’s Global Cybercrime Expert Group now runs the Digital Forensics & Incident Response unit at Australia’s largest cybersecurity consultancy, CyberCX.
“But the reality is, they’re people. They’re lazy, and they’re prone to error, and they often go for the low-hanging fruit.
“The range of sophistication and professionalism among cybercriminals is the same as any other group. They range from very ad hoc, very amateur, very low-skilled and low-effort, right up to ones who are very sophisticated and very motivated,” he says.
-----
Gov to update telco regulations to help protect Optus breach victims
By Richard Chirgwin on Oct 6, 2022 12:30PM
Temporarily enable data sharing with banks, governments.
The federal government has announced emergency regulations designed to help banks and agencies protect customers caught up in the Optus data breach.
The regulations announced today will be in place for 12 weeks, and will slot into the Telecommunciations Regulations 2021.
Treasurer Jim Chalmers and communications minister Michelle Rowland today announced that the government will amend regulations to allow telecommunications companies “to better coordinate with financial institutions, the Commonwealth, and states and territories, to detect and mitigate the risks of cyber security incidents, frauds, scams and other malicious cyber activities.”
Carriers will be allowed to share “approved government identifier information” (driver’s licences, Medicare number, and passport numbers) with “regulated financial services entities” so they can monitor affected customers.
A separate regulation will allow those identifiers to be shared with Commonwealth, state and territory governments.
-----
https://wildhealth.net.au/hl7-and-openehr-are-friends-not-foes/
28 September 2022
HL7 and openEHR are friends, not foes
These two approaches are often seen as competitors. But digital health would be safer, more efficient and easier for all if they were used together.
HL7 was designed to solve the technical problem of how to send data from one system to another, while openEHR defines the data to be collected at the clinical work front in a safe and constant way that clinicians understand.
So, what do they do?
HL7 FHIR is the most recent and effective incarnation of international technical standards for messages which share data between systems and different parts of healthcare.
An example is sending the process of sending discharge summaries from the hospital to the GP. The HL7 FHIR specification includes data specifications for individual items of data in a message, as well as the technical structure of the message that makes sure it goes to the right place and can be received and understood.
HL7 the door-to-door delivery service for health data.
-----
https://wildhealth.net.au/telehealth-abortion-care-crucial-for-rural-patient-access/
29 September 2022
Telehealth abortion care crucial for rural patient access
New data shows that telehealth abortion appointments provided vital care to patients who could not attend clinics in person during the pandemic.
Released by Family Planning NSW yesterday, the data shows that of a total of 860 medical abortions provided by the organisation between April 2020 and September 2021, 158 were done via telehealth – 18%.
Of these, 37% were from regional and remote areas.
Family Planning NSW medical director Dr Clare Boerma told Wild Health that telehealth was particularly important for priority health populations.
“Telehealth can be highly valuable for patients in rural and remote areas, who may have limited health services close to where they live, or those who might otherwise find it difficult to attend a clinic in person,” she said.
-----
https://wildhealth.net.au/cybersecurity-is-a-matter-of-life-or-death/
5 October 2022
Cybersecurity is a matter of life or death
Last year a patient at a Melbourne hospital underwent what was deemed a preventable amputation.
This didn’t happen because of the resource shortages that have been plaguing Australia’s healthcare sector since the start of the pandemic. It also wasn’t down to a misdiagnosis or any fault in the care provided by staff.
It was because the hospital fell victim to a cyber-attack that took its IT systems down and prevented access to patients’ medical histories. In this case, the patient was unable to verbally communicate where he was experiencing pain, and doctors were helpless in preventing the spread of an infection.
Cyber-attacks against Australia’s healthcare organisations are becoming alarmingly commonplace. The majority of breaches reported to the Office of the Australian Information Commissioner (OAIC) last year were from the healthcare sector.
There have been numerous examples of these breaches recently, each one wreaking significant damage while the nation battled with the challenges of covid and extreme weather events.
-----
https://wildhealth.net.au/can-smart-investors-help-calm-the-startup-storm/
5 October 2022
Can smart investors help calm the startup storm?
Despite the rapid growth in the number of digital health startups emerging over the past decade suggesting a bright future for health apps, tech giants like Amazon, Microsoft and Google have so far failed to make much headway in the health sector.
However, groups of dedicated, health-savvy investors are emerging as knowledgeable backers in the digital health startup world, where expertise and industry relationships play a key role in ensuring a company is successful at raising funds.
And while the covid pandemic was a shot in the arm for digital health as adoption of remote solutions skyrocketed, digital solutions that promise to improve health outcomes must still navigate a multitude of stakeholders, from tight-fisted administrators to busy and risk-averse clinicians and wary end-user patients.
A recent study compared the data in the regulatory filings and clinical trials from 224 US-based digital healthcare companies with the public claims that these organisations made. That study found that just 20 per cent had acceptable levels of clinical robustness, while 44 per cent of these companies had a clinical-robustness score of zero.
-----
https://wildhealth.net.au/waiting-better-tech-could-ease-elective-surgery-backlog/
5 October 2022
‘Waiting better’ tech could ease elective surgery backlog
Laura Andronicos and Talia Meyerowitz-Katz
Central Adelaide Local Health Network’s (CALHN) recent rollout of prehabilitation digital platform My PreHab may have a welcome side effect of reducing elective surgery wait times.
Covid has caused a huge backlog of elective surgeries still yet to be cleared. Excessive wait times can exacerbate health issues and dramatically increase pressure on the healthcare workforce.
But digital patient pathways may offer some relief.
According to CALHN My PreHab project lead professor Jane Andrews, one in five patients experience post-op complications. These could lead to poorer health outcomes, longer hospital stays, greater risk of readmission, higher costs and more pressure on waitlists.
However, known risk factors for complications following surgery could be reduced if identified and managed before surgery. This was where the My PreHab platform came in, she said.
-----
https://www.itnews.com.au/news/white-house-guidelines-for-ai-aim-to-mitigate-harm-586068
White House guidelines for AI aim to mitigate harm
By Paresh Dave and Nandita Bose on Oct 5, 2022 1:00PM
AI "Bill of Rights" will guide automation in education, health care, employment.
The White House on Tuesday proposed a non-binding Artificial Intelligence (AI) Bill of Rights that it said would help parents, patients and workers avert harm from the increasing use of automation in education, health care and employment.
The Biden administration's proposal joins hundreds of other guidelines and policy frameworks released by tech companies, industry associations and other government agencies over the past few years.
Like the others, the White House version suggests numerous practices that developers and users of AI software should voluntarily follow to prevent the technology from unfairly disadvantaging people.
In some cases, algorithms for administering healthcare have not prioritized the needs of Black patients, and facial recognition has been deployed for policing in schools despite its potential for underperforming on darker skin tones.
-----
Trio wins physics Nobel for quantum mechanics
AFP
5:34AM October 5, 2022
A trio of physicists on Tuesday won the Nobel Prize for discoveries in the field of quantum mechanics that have paved the way for quantum computers, networks and secure encrypted communication.
Alain Aspect from France, John Clauser of the US and Austria’s Anton Zeilinger were honoured “for experiments with entangled photons, establishing the violation of Bell inequalities and pioneering quantum information science,” the jury said.
They become the 116th winners of the prize since it was first awarded in 1901.
Each scientist “conducted ground-breaking experiments using entangled quantum states, where two particles behave like a single unit even when they are separated,” the committee said, adding that the “results have cleared the way for new technology based upon quantum information.”
The phenomenon was dubbed “spooky action at a distance” by Albert Einstein.
-----
Q&A: Improving patient care through effective communication
Stryker
By Mansi Gandhi
Friday, 30 September, 2022
Having worked as a pulmonary and critical care physician for more than 25 years, Dr Benjamin Kanter understands the role of communication in emergency situations too well. In this Q&A, Kanter, a physician innovator and Chief Medical Information Officer (CMIO), Vocera — now owned by Stryker — reflects on the role of technology and communication in improving care delivery and patient outcomes.
Tell us a bit about the early days in your career? How has hospital communication evolved over the years?
I spent more than 25 years as a pulmonary/critical care physician. I cared for patients with complex illnesses, where every minute of delay could mean the difference between life or death, between remaining on a standard ‘medsurg’ floor (the same level of care) or requiring a transfer to a higher level of care like an unintended transfer to the intensive care unit (ICU).
I was a medical student from 1978–82. When I started my time in hospitals, other than simply speaking with each other in person, there were four technologies nurses and physicians could use to communicate: a landline telephone, a pager (which really isn’t a communication method but rather a standalone ringer notifying the recipient that someone wishes to speak with them), a fax machine and ‘snail mail’. No one used fax machines for person-to-person communication and snail mail was used by hospitals to communicate with physician offices. So the only channels available for MD to RN communication were synchronous. There were no asynchronous methods unless one considers ‘sticky notes’ attached to a patient’s chart as a communication method, and sticky notes were common.
The technologies available for communication have expanded over the past few decades — particularly for asynchronous communication. The corollary of this is that there are now more options available for communicating — and the unintended consequence of this is that there is more attendant complexity. While it is now easier to choose a communications modality that is most appropriate for a given situation, it is also easier to make a decision to use a technology that may not be appropriate (ie, texting a physician about a medical emergency).
-----
https://www.innovationaus.com/cyber-hub-pilot-extended-as-govt-considers-long-term-future/
Cyber hub pilot extended as govt considers long-term future
Justin
Hendry
Editor
4 October 2022
Efforts to centralise federal government networks through a handful of cyber hubs in Canberra’s biggest agencies will continue until the New Year, after the pilot program was extended.
The six-month extension, which takes the trial up to the start of January 2023, was enabled by a $30.2 million injection in the 2022 federal budget that also leaves the door open to future changes. The pilot, first envisioned in the 2020 cybersecurity strategy, aims to “harden” government IT by focusing investment on a smaller footprint of networks.
In doing so, the government hopes to uplift cyber resilience across the public sector, particularly in smaller agencies which typically have fewer resources at their disposal.
The first three hubs were established in the Defence department, the Department of Home Affairs and Services Australia in July 2021, followed by a fourth at the Australian Taxation Office.
-----
Telehealth biz InstantScripts hunts for new owner; $200m sale tipped
Anthony Macdonald, Sarah Thompson and Kanika Sood
Oct 4, 2022 – 9.33pm
Melbourne-based online medical prescriptions business InstantScripts has drafted in Lazard Australia to hunt for a new owner, in what could spell a big payday for its founders and investors including Perennial.
InstantScripts, founded only four years ago, is understood to be growing quickly with revenue more than doubling in the past 12 months to be worth about $50 million a year.
Street Talk understands Lazard’s bankers started getting in touch with potential buyers last month, and has called for a first round of bids in November.
Pitch desks have landed at PE firms, traditional healthcare players (insurers, pharmacies), digital healthcare players and even deep-pocketed family offices, with interested parties told to think about a whole-of-the-business sale that could be signed by year’s end.
InstantScripts lets users/patients get express medical scripts online in minutes instead of the drudgery of finding an appointment and showing up at a doctor’s office. It can do scripts for more than 300 medicines, all of which are low-dosage and low clinical risk for things like thyroid, urinary tract infections (UTI) or melatonin for sleep.
-----
‘We need a deterrent’: Privacy chief demands heavier fines for breaches after Optus hack
October 4, 2022 — 6.45am
Australia’s privacy commissioner wants the power to hit corporations that fail to safeguard personal data with penalties into the billions of dollars after the Optus hack as she warned companies were seeing the current $2.1 million maximum as just a cost of doing business.
The federal government is urgently reviewing the Privacy Act and has flagged stiffer penalties in a plan that drew a positive response from Australian Information and Privacy Commissioner Angelene Falk. She is considering a formal investigation into the Optus hack that exposed data on almost 10 million people.
“We do need to have a deterrent that is more than the cost of doing business,” Falk said on 7.30. “Currently, I can seek civil penalties to the Federal Court of $2.1 million. But overseas there are penalties as large as 4 per cent of global turnover.”
Those penalties, which are in force in the European Union, could equate to billions of dollars if ever levied against the largest internet firms such as Google owner Alphabet or hundreds of millions if applied to a firm the size of Optus' Singaporean parent company.
-----
Government pushes for digital identity system after Optus hack
Tess Bennett and John Davidson
Oct 4, 2022 – 5.00am
Finance Minister Katy Gallagher has called together all the digital ministers to kick-start the rollout of a national identity system, amid calls for the government to build a new technology infrastructure that would reduce the risk of identity theft, following the Optus data breach.
It comes as NSW Customer Service Minister Victor Dominello called for a decentralised identity system and the end of paper-based ID.
After drifting for years, the Optus breach has highlighted the need for a national digital identity system that would make it easier for businesses to verify a person’s identity and eliminate the need for companies to collect licence and passport numbers in the first place.
Canberra has established a digital identity system to streamline access to government services such as Medicare and the Tax Office, underpinned by the MyGov website.
But legislation that was drafted by the Morrison government still needs to be passed to allow the Digital ID to be used more broadly by the private sector.
-----
Consumer groups slam calls to share data beyond Privacy Act
Ayesha de Kretser Senior Reporter
Oct 3, 2022 – 5.12pm
Consumer groups have slammed the findings of Treasury’s latest review of the consumer data right after the Optus breach, saying the report prioritises building a market where fintechs can profit from people’s data over protecting their information security.
Financial Rights Legal Centre senior policy advocacy officer Drew MacRae said the most recent statutory report measuring the CDR’s progress, released late last week after the Optus data hack, was disappointing for consumers and too lax on businesses.
“In short, the review is yet another CDR report that places business interests over people’s privacy interest,” Mr MacRae said.
“This is not a great look in the middle of the Optus hack fallout.”
The CDR is an opt-in service being developed by Treasury that allows a consumer to hand their data to a third party, currently only banks but soon to be expanded to energy and telco providers, so they can be marketed the right products and best deals.
-----
Robotic surgery: is evidence showing its alleged wonders still missing in action?
Surgeons 'remain the main obstacle to the success of surgical randomised control trials', say experts
3 October 2022
Robotic surgery still carries the glittery image of cutting-edge medicine — if you excuse the pun.
For those patients with the financial means, it’s been a mainstream option for some time now, particularly when it comes to radical prostatectomies.
Its supporters boast of its benefits, including the way surgeons trained in their use are bestowed with stereoscopic 3D vision that can magnify the surgical field along with increased ease of complex manoeuvres using precisely controlled instrument movement in tiny, confined spaces.
One statistic may give an idea of how “mainstream” it has become: by the end of last year some 1.2 million robotic procedures had been performed around the world, and yes, most of them were robotic-assisted radical prostatectomies (RARP).
However, the questions raised by more sceptical critics over the years have never quite been silenced.
-----
Why robotic joint surgery is not a ‘penicillin moment’ in orthopaedics
Australian Orthopaedic Association guidelines specifically advise surgeons not to claim the clinical outcomes of robotic surgery are superior to the standard procedure
Mon 3 Oct 2022 09.01 AEDTLast modified on Mon 3 Oct 2022 09.15 AEDT
“Just so you know, money is not an issue. Should I have the better robotic knee or settle for the regular operation?”
So said my friend’s mother when she could no longer hike – and her words made my ears prick for two reasons. I had never heard the first assertion in my modest Indian upbringing where value for money ruled. But more importantly, my own mother, of a similar age, was scheduled for a knee replacement and her surgeon hadn’t even mentioned a robot.
My friend’s mother sent me a curated list of websites that touted the benefits of robotic joint replacement – a new technology with purportedly better outcomes. Some websites contained glowing patient testimonials and others hailed the surgeon’s expertise as second to none, accompanied by mildly awe-inspiring illustrations of how robots worked and exhortations to book a consultation now. I felt guilty at consigning my mother to less.
In searching for a surgeon, I assumed that more than 15 years of training meant that all Australian orthopaedic surgeons were technically sound. Therefore, the choice depended on the right fit and I did what any experienced doctor would do: I asked the nurses. Doctors seldom see how their colleagues interact with patients. Nurses, on the other hand, observe the nitty gritty of doctors’ behaviours.
-----
Your watch says you have a heart condition. Now what?
By Julie Jargon
Dow Jones
October 3, 2022
Just because your smartwatch can tell you if you have an irregular heart rhythm, does that mean the information will do you any good?
Many new smartwatches, including those from Apple, have sensors that can pick up on an irregular pulse and notify wearers that they may be in atrial fibrillation, or AFib. The devices are hitting the market at a time when consumers are gaining interest in tracking aspects of their health beyond fitness.
AFib is an irregular and often rapid heart rhythm that can cause blood clots in the heart; if clots break free, they can travel to the brain and cause a stroke. People often don’t even know they have the condition until catastrophe strikes, cardiologists say.
Approximately one in five American adults say they regularly wear a smartwatch or fitness tracker, according to Pew Research Center. At least 20 smartwatches sold in the U.S. currently have the ability to detect irregular heart rhythms, says market-research firm IDC.
-----
https://www.lexology.com/library/detail.aspx?g=fc9d5d40-fbfb-423e-adf3-c152bd6326ac
Cloud Based Computing Services - What are the data security risk management and legal issues?
Stephens Lawyers & Consultants Katarina Klaric
Australia, Global August 29 2022
Cloud services can be enablers for a company’s digital transformation. However, understanding the risks and legal issues associated with using cloud based computing services is critical for risk management and protection of an organisation’s data and related intellectual property and to minimise the risk of business disruption.
Companies are increasingly using software applications and tools, data storage and back up services that are provided as cloud based solution utilising computer servers located in datacentres owned or controlled by third parties (“cloud services”). Gartner forecasts that worldwide spending on end-user cloud services will increase by about 20 percent during 2022 to about US$500 billion, with expenditure expected to reach US$600 billion in 2023[i].
Risky business
Companies using cloud services, without proper due diligence including the legal review of the terms and conditions of the cloud services agreements and risk management are potentially putting at risk their data and associated intellectual property (“IP”) and business operation. It is important that businesses understand the risks and benefits of cloud based services and have proper processes and systems to manage the potential risks.
In some cases, the cloud based solution suppliers use third party datacentres to provide the cloud based facilities, which adds another level of complication. In this situation, the business may have a contract with the cloud solution supplier but has no contractual relationship with third party datacentres who provide the servers and data storage facilities. If the contractual relationship between the cloud solution supplier and datacentre are terminated, the business may not be able to access its data from the datacentre, particularly where the cloud solution supplier is in breach of its agreement with the datacentre. It is important that all third party datacentre agreements are also reviewed, so that the company has rights to access data stored at a third party datacentre. The due diligence and risk management process should extend to datacentres.
-----
Optus fiasco shows how lost we are on digital security
11:00PM October 2, 2022
One good thing about crises is that they provide opportunities to learn. We will be working through the consequences of the cyber attack on Optus for years.
A steadier government voice on the Optus mess has been Clare O’Neil, Minister for Home Affairs and Cyber Security. Last week she told Channel 9’s A Current Affair: “It’s really important that everyone enters this conversation with a little bit of humility. The truth is we are probably five years behind where we need to be with cyber security in this country and government is not immune from that.”
Few players come out of this crisis with reputations intact. The government’s handling has involved multiple ministers all separately racing to sheet home blame to Optus for what, frankly, is a shared responsibility.
Optus must carry the blame for what, on our current knowledge, looks to be a human not technological error exposing over 10 million customer records via inappropriate testing of an application program interface.
-----
Optus data breach reveals ad hoc and immature response system
The near 10 million Optus customers at the centre of the identity credential scandal were essentially left to fend for themselves.
Tom Burton Government editor
Oct 2, 2022 – 2.39pm
Revelations that nearly 10 million Australians have had key identity credentials potentially breached finally provided the shock needed to modernise the country’s antiquated data management, security and privacy systems.
For years, under intense lobbying from financial, payment, telco, media and marketing interests, Australia has slow-walked reforms that would create a trusted, secure, reliable and efficient regulatory regime to manage the burgeoning digital economy and the data that fuels it.
Identity theft, fraud, criminality and scams have ballooned amid a plodding, patchwork response from policymakers. A 2017 Australian Institute of Criminology study found one in four Australians had been a victim of identity crime at some point.
That was before COVID-19 “uberised” the online economy, opening a cornucopia of opportunity for bad actors. The emergence of near real-time payment systems has also created a new fertile field for scammers. Officially known as Authorised Push Payment (APP) fraud, a typical scam involves bad actors duping renovators or property buyers into sending payments to them rather than the legitimate builder or vendor.
-----
David.
