-----
This weekly blog is to explore the news around the larger issues around Digital Health, data security, data privacy, AI / ML, technology, social media and any related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board were dated 6 December, 2018 and we have seen none since! It’s pretty sad!
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon, and found interesting.
-----
MyGov is a dog’s breakfast, and I’m stuffed
Freelance writer
November 4, 2022 — 3.46pm
I know it’s sad, but most of last weekend was spent trying to talk to a fellow human being. My eldest son – at university in Canberra – gave me six hours to submit a form to MyGov Centrelink so he could claim something he’s legitimately entitled to.
I pointed out the form he’d asked me to fill in online was irrelevant because it said his mother and I were “separated” when in fact we were divorced in May 2021.
So, there I was on a Friday evening and most of a sunny Saturday, Sunday and Monday trying to negotiate MyGov’s labyrinthine online login process which would enable me to hook up my existing Medicare account to my son’s dreamed-of Centrelink account.
Look, I’m not stupid – although I will admit to being somewhat technologically challenged. However, the Australian government’s initiative, MyGov – operated by Services Australia – is a dog’s breakfast. And that’s being kind to a rabid dog.
-----
Health data cyber crime punishments must be harsher
By Don Tan
November 5 2022 - 5:30am
A worrying pattern is emerging in the world of cyber crime: attacks launched against Australia's healthcare organisations.
Just as we were scrambling to make sense of the breach against private health insurer Medibank, in which the personal data of at least 4 million Australians was exposed, news hit that ACL-owned Medlab, a local pathology laboratory, had experienced its own attack. In this case, the personal information of at least 223,000 people was accessed.
The origins of both attacks are still somewhat hazy, but it appears the Medibank breach is the result of compromised staff credentials. Around 200 gigabytes of diagnoses, health claims and personally identifiable information (PII) was accessed and sold on a Russian-language cyber crime forum.
After investigating and dismissing suspicions in February, Medlab was in June informed its information was leaked on the dark web. This included medical and health records linked to pathology tests, credit cards (including associated CVV numbers) and Medicare numbers.
-----
The internet is run under the sea, not in the cloud. What happens if the cables get hacked – or snipped?
Hundreds of undersea cables link up the worldwide web, with about a dozen connected to Australia. How does this little-known network work – and what happens if it’s sabotaged?
By Sherryn Groch and Felicity Lewis
November 5, 2022
At the bottom of the freezing Sea of Okhotsk, deep inside Russian waters, a US submarine creeps into position. Navy divers emerge from a hatch they call “the Bat Cave” and sneak along the dark ocean floor, searching for a cable just centimetres wide on which they’ve planted a listening device – and, all the while, the Soviet fleet above is none the wiser.
It’s the 1970s and this is one of the most daring missions of the Cold War: wiretapping the secret communications cable between the Soviet fleet’s Pacific base and headquarters in Russia. The Soviets thought it so well guarded, in a heavily patrolled peninsula rigged with sound detectors, that most of what passed down that cable wasn’t even in code.
For a decade, US divers would return every month to retrieve the latest transmissions captured from their bug so analysts at the US spy agency the NSA could binge-listen to the juicy disclosures – from Soviet nuclear secrets to commanders’ conversations with their mistresses. Then, after yielding some of the most useful intelligence of the Cold War, Operation Ivy Bells came to a halt suddenly in the 1980s when a bankrupt NSA analyst quit his job and walked into the Soviet embassy to sell US secrets.
A high-stakes Cold War wiretap under the sea might sound leagues away from our “wireless” world today. But the internet is not held in the “cloud” or beamed down by satellites – at least, not for the most part. More than 95 per cent of our data runs through a little-known network of undersea cables, each not much wider than a garden hose, stretching thousands of kilometres long.
-----
https://insideageing.com.au/creating-efficiencies-in-medication-management/
Creating efficiencies in medication management
4 November 2022
Within days of implementing the streamlined electronic medication management system, the benefits were evident for Group Homes Australia.
There was more efficient communication between families, pharmacists and general practitioners about residents’ medication, and the homemaker team members could access clearer information at a glance.
Group Homes Australia Head of Care and Health Erin Sharp said the Medi-Map platform provided a more efficient way of administering medication.
“There’s a lot of efficiencies in the system,” she said. “When you increase the efficiencies, you decrease the possibility of mistakes.”
Medication management for home care providers, such as Group Homes Australia, is a critical concern.
-----
Cybercrime increases to one report every seven minutes
Max Mason Senior reporter
Nov 4, 2022 – 5.00am
The boss of Australia’s national cybersecurity agency said the lines between nations and criminal gangs have blurred following Russia’s invasion of Ukraine, as reports of cybercrime last financial year increased nearly 13 per cent to 76,000.
Abigail Bradshaw, the head of the Australian Cyber Security Centre, within the Australian Signals Directorate, said the level of cybercrime in 2021-22 had been “profound” with the equivalent of one report every seven minutes.
“In the last 12 months, we witnessed this sustained integration of cyber with conventional warfare in Ukraine, and the coalescence of powerful and disruptive cybercrime, gangs and nation states combining efforts in that conflict,” she said. “That has been profound and new.”
Fraud accounted for 27 per cent of reports, according to ACSC’s new Annual Cyber Threat Report.
-----
https://wildhealth.net.au/how-to-implement-a-virtual-ed-in-10-weeks/
3 November 2022
How to implement a virtual ED in 10 weeks
Northern Health in Victoria is the first hospital in Australia to have both electronic prescribing and a virtual emergency department. Both projects were implemented in just 10 weeks, during the high tide of covid.
The speedy roll-out of a digital front door for an emergency department looked nothing like a typical public health project.
At the Wild Health Summit in Melbourne last month, project team members revealed the key elements of success and posed the $64 million question – why can’t that spirit of innovation endure post-pandemic?
According to Dr Loren Sher, clinical director of the virtual ED at Northern Health, the covid imperative loosened bureaucratic restrictions that often stymy innovation. Dr Sher said that a virtual ED would not have happened pre-covid, but the pandemic meant that “suddenly the walk down to the executive suite felt much shorter”.
-----
https://wildhealth.net.au/csiro-takes-the-reins-for-snowmed-services/
3 November 2022
CSIRO takes the reins for SNOMED services
CSIRO stepped up into the services delivery role of the National Clinical Terminology Service this week, and they aim to lower the barriers to using it.
David Hansen is CEO of CSIRO’s Australian e-Health Research Centre (AEHRC). He told Wild Health that AEHRC wants to make it easier for vendors to implement interoperability and to create a safe space for vendors to ask any sort of questions.
Mr Hansen said he had seen countless, badly implemented examples of SNOMED – the leading international vocabulary of healthcare terminology.
“Clinical terminology, in particular, can be difficult to implement well, and often it’s left to last. There’s so much to focus on when building products these days – cybersecurity, scalability, usability – and what we’ve tried to do is to take the terminology part and make it as easy as possible for vendors to implement,” he said.
-----
‘Maximise profits’: Facial recognition tool used to target high rollers
November 3, 2022 — 5.00am
A surveillance technology company that installs facial recognition software that NSW pubs and clubs will widely roll out in gaming rooms next year markets its product overseas as a tool to “balance commerce and compliance” by identifying potential high rollers and repeat customers.
Many hotels and nearly 100 clubs already use facial recognition technology, including a product Exact Technologies has installed at Canterbury League Club, Panthers Entertainment Group and Campbelltown Catholic Club.
Among the benefits of the technology that Exact Technologies lists in its advertising material for the Australian market is its potential for venues to tailor their customer service to individual players.
“VIP and key customers or clients have very different needs when it comes to service,” the website says. “Some customers prefer very low levels of attention while others like lots of attention. Face recognition can help ensure the right service is delivered to each individual.”
Exact’s casino marketing brochure adds to that list the capacity of facial recognition technology to “balance commerce and compliance to maximise profits”, by revealing who is visiting the casino and what they are doing on-site.
-----
https://www.afr.com/companies/energy/all-must-probe-and-plug-digital-data-defences-20221101-p5bund
All must probe and plug digital data defences
All levels of governments and companies need to move quickly to find and fix the weaknesses that are clearly afflicting digital data handling.
Nov 2, 2022 – 6.40pm
All levels of Australian government and companies now need to move quickly to find the weaknesses clearly afflicting digital data handling and fix them. No one is far off from the purgatory that Optus and Medibank have endured in the past weeks after criminals pillaged their databases of everything from passport numbers to sensitive medical records. Woolworths MyDeal, and wine seller Vinomofo have also had large numbers of customer data pilfered this month too.
Harvesting customer data is not just a business model for everyone from tech giants to supermarkets, but a dynamic new source of economic growth. The risk of failing to keep that information secure – and the potential damage done to millions of customers’ lives from identity theft or extortion – is also a massive operational vulnerability and an unprecedented political, legal, and reputational liability. Think of angry politicians, a fuming public, class actions and legal perdition. All companies now have to assume that they are going to be hit, even if it’s just a ransomware attack on their own operations. So, what do they do next?
It remains unclear how the data of 10 million Optus customers was removed, while 3.8 million records were stolen from Medibank with a likely pinched administrator log-in. The criminal world has considerable resources available: global ‘black hat’ hackers for hire, easy to use software off the shelf, or subscriptions to sophisticated hacking-as-a-service. And while the criminals have to be lucky only once; the targets have to be lucky all the time. Yet ‘white hat’ cyber defenders are in very short supply. Boards which are assured that their operations are fully staffed in this area should question how.
-----
https://www.lexology.com/library/detail.aspx?g=3e9435fa-d2ec-417c-bab5-dca4c5c832d5
The Privacy landscape is heating up - but will tougher penalties and an expanded reach have the desired effect?
Gadens Dudley Kneller, Antoine Pace and Sinead Lynch
Australia October 31 2022
After a number of significant and high-profile cyber incidents in the last few weeks, it was almost inevitable the Government would take steps to fast-track its privacy reform agenda by seeking to push through headline-grabbing changes to the Privacy Act 1988 (Cth) (Privacy Act).
Following the Attorney-General’s (AG) foreshadowing on 22 October, 2022, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Privacy Bill) was introduced into Parliament earlier last week. The proposals have been a long time coming – higher penalties have been in the works during the prior administration’s term of office, but the current proposals have the potential to be a game changer for corporate Australia.
The new Privacy Bill proposes three major changes to Australia’s privacy laws:
- Significantly Increased Penalties for serious or repeated interferences with privacy, to mirror competition-law style fines for breaches;
- Strengthened Enforcement Powers for the Office of the Australian Information Commissioner (OAIC), including broadening the scope of the extraterritorial jurisdiction of the Privacy Act; and
- Enhanced OAIC & other Regulator Information Sharing Powers, including in relation to public disclosure of incidents.
Substantial increase in civil penalties
The maximum penalty for serious or repeated breaches of the Privacy Act is currently capped at $2.22 million (for corporate entities). The harsh reality is that this is a relatively modest limitation, and for some organisations, a relatively minor cost of doing business in Australia, not least for some data-rich organisations prevalent in the global tech sector.
-----
Visa shake-up relegates cyber skills despite ‘worst ever’ crisis
Paul Smith Technology editor
Nov 2, 2022 – 9.35am
Home Affairs Minister Clare O’Neil has stunned the technology industry by introducing skilled migration rules the peak body says will make it harder to bring in cyber experts, software engineers and technology developers, amid a cyber crisis and well-documented skills shortage.
Late last week while the data breach crisis at health insurer Medibank was unfolding, Ms O’Neil introduced a ministerial direction to change how migration agents prioritise skilled visa applications. The direction removed 27 job roles - including ICT security specialists - from the Priority Migration Skilled Occupation List (PMSOL).
The move by Ms O’Neil, who is also the Cyber Security Minister, came as part of a broader shake-up of skilled visa processing, which aims to prioritise fixing talent shortages in health, education and across regional Australia.
However, it has shocked industry as the spate of recent cyber breaches, headlined by Optus and Medibank, has shown the need for companies to bulk up on cyber expertise.
-----
https://www.cdotrends.com/story/17582/healthcare-data%E2%80%99s-prognosis-never-clear
In Healthcare, Data’s Prognosis Is Never Clear
on October 31, 2022
For an industry where technology is critical and can save lives, the healthcare industry is strangely lagging behind other sectors in its use of data.
In part, that is explained by the highly sensitive nature of the information. Not all patients like the idea of sharing their health records and data. Some healthcare providers are proprietorial about their patients’ records which, in Australia, remain the property of the clinic or doctor.
Then there are the usual issues around extracting data from different legacy systems and combining them, making them interoperable and available to other providers. So, for example, if someone desperately needs a doctor after falling sick in the Australian outback, it would be ideal if the health professional treating them had access to their records. But it’s not always the case.
Australia has had a centralized record-keeping system called My Health Record for more than ten years, and more than AUD2 billion has been spent on the system since it launched.
There are 23 million people registered in the system, yet the latest Australian Digital Health Agency report showed only 2.69 million people accessed their records in 2021. This was an increase of 14% from the previous year and was likely driven by the COVID-19 pandemic.
-----
From Sleeping Giant to Awakening Giant – ANDHealth Report on the Australian Digital Health Sector
By Tracy Lu
Data Health Intellectual Property Technology
A surge in digital health companies
ANDHealth recently launched its detailed report on the state of the Australian digital health sector, The Awakening Giant: The Rise of Australia's Evidence-Based Digital Health Sector.
In this Insight we summarise some of the key takeaways from the report, including key trends and challenges for the Australian market.
Background
Digital health covers a wide range of technologies, medicines and services, and can include personalised medicine, telehealth and telemedicine, wearable devices, mobile health technologies and health IT.
ANDHealth, with whom Allens has worked closely, is one of Australia's leading health technology commercialisation organisations and supports startups in the digital health sector using a non-profit, non-equity-taking model.
This is ANDHealth's second detailed report on the state of the sector, following on from its first report Digital Health: The Sleeping Giant of Australia's Health Technology Industry, which was published in July 2020. A lot has happened in the sector since then—here are the key trends and challenges which ANDHealth has highlighted for the Australian market in the new report.
-----
https://medicalrepublic.com.au/algorithms-and-the-ndis/80297
1 November 2022
Algorithms and the NDIS
Georgia van Toorn is a research fellow at UNSW Sydney. Jackie Leach Scully is the Professor of Bioethics, Director of the Disability Innovation Institute at UNSW Sydney. Karen Soldatic is a professor at Western Sydney University.
'Roboplanning' may be dead, but automated processes continue to undermine trust in the scheme.
NDIS Minister Bill Shorten has announced a review of the National Disability Insurance Scheme, amid claims of a cost blowout, heightened by budget forecasts.
The review will look at ways to improve access to and delivery of the NDIS, including its operations and financial sustainability.
The announcement follows last year’s failed attempt by the Morrison government to limit scheme spending, using algorithmic tools and processes to scrutinise the cost of funded plans for individual recipients. As a result of pushback by disability advocates, independent assessments of NDIS eligibility, or “roboplanning”, is now officially dead.
But algorithmic technologies have already become a central component of NDIS assessment, planning and review processes. Unless they are repurposed to address the concerns of people with disability and their families, these automated technologies will continue to undermine trust and confidence in the scheme.
-----
https://www.afr.com/technology/we-must-prepare-for-the-reality-of-the-chip-wars-20221101-p5bumi
We must prepare for the reality of the Chip Wars
The question of how far decoupling will go depends on China’s next move and the extent of the new US rules.
Rana Foroohar Contributor
Nov 1, 2022 – 12.11pm
There has been widespread portrayal of President Joe Biden’s recent semiconductor export bans on China as America’s declaration of economic war with the country. But, in fact, Washington is merely reacting to Beijing, and it is a late reaction at that.
It is worth recalling that China actually paved the way for formal supply chain decoupling with the Made in China 2025 programme. This was announced seven years ago (before the Trump presidency) and explicitly spelt out the country’s desire to be free of Western technology — chips in particular — within the next few years.
The Communist party quickly retired the Made in China phrase after some backlash from the West, but the policies largely continued. More recently, a new emphasis from Beijing on the Military-Civil Fusion strategy added fuel to the fire, with economic and military development goals, particularly around technology, becoming more closely aligned.
I find it hard to believe that anyone who has spent time in China in recent years could have thought that it would be otherwise. Like the US, the country has a military industrial complex with strong roots in technology development. It is also a big, single language market with room to grow and loop other countries into its regional economic orbit, just as America did in the post-second world war period.
-----
https://www.innovationaus.com/good-privacy-reform-rest-on-well-resourced-tech-regulators/
Good privacy reform rest on well-resourced tech regulators
Sarah O’Connor
Contributor
31 October 2022
Following the recent spate of data breaches, much of the public conversation has focused on the need for regulatory reform to protect Australians’ privacy and “incentivise better behaviour” from companies that collect and store personal data.
The Albanese government has proposed legislation to increase penalties for companies subject to repeated or serious privacy breaches. Both the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) will receive greater powers to resolve privacy breaches and share information, and the Notifiable Data Breaches scheme will also be strengthened.
If these regulatory reforms are to be successful, the regulators will need the resources to exercise the new powers effectively.
The Budget provided small amounts of additional funding to the OAIC. This is welcome, but it doesn’t address the under-resourcing of the regulators in recent years. While it seems a truism to say that additional regulatory powers require additional resourcing, Australia’s tech regulators are consistently being asked to do more with less.
-----
After the Optus and Medibank hacks, we must teach tech to forget
Clément Canonne
Computer science lecturer
November 1, 2022 — 11.00am
Recent data breaches have dealt a huge blow to the privacy of millions of Australians. While the culprits have no doubt been the hackers, big companies who hoard data unnecessarily and without limit have been put on notice.
It has raised the question of why so many organisations have held on to – and often squirrelled away or sold – our personal data long after it was first required, with no mechanism in place to permanently delete or forget this information. For too long, this has gone unchecked, and we have been compelled to share more than we should.
Many of us have now been online and used digital services for decades, sharing many details about our lives in the process. As these vast troves of data have been collected, the science of data analysis has developed exponentially through machine learning and AI to the point where a great deal about a person can be revealed by connecting seemingly banal details and even re-identified through the analysis of so-called “anonymous” datasets.
Just as these advances have allowed programs to systematically identify us, so too are computer scientists coming up with new ways to give people control of their data once it has been obtained and shared by a whole raft of third parties. Machine “unlearning” is an approach that could mitigate privacy risks by providing a rigorous technological basis for the “right to be forgotten”. Using this technique, systems would be hard-wired to either forget data on request or after a particular timescale.
-----
Monday, 31 October 2022 11:26
Law that protects US tech platforms against lawsuits being challenged
A law which shields big tech platforms from lawsuits over content provided by users is being challenged in the US Supreme Court, and is likely to be heard next year.
The Wall Street Journal reported on Sunday that the court would be hearing a case against Google which argues that Section 230 of the Communications Decency Act, the clause in law that offers protection to technology companies, should not serve as a shield against companies that link to so-called harmful content.
The US Government has tried in the past to change Section 230, with a bid two years ago to pass what it called the EARN IT Act which looked to add conditions for those who sought protection under it.
Under this section, one can sue the person who defamed you on a platform like Twitter, but not the platform itself. An amendment to this section in 2018 made platforms liable for publishing information designed to facilitate sex trafficking.
At the time the EARN IT Act was being pushed, there was speculation that one of the conditions for earning this immunity could be the ditching of end-to-end encryption.
-----
Reimagining healthcare experiences in the metaverse
By Melissa Witheriff, Regional Innovation Lead, Australia, Avanade
Monday, 31 October, 2022
As the metaverse shifts from hype to reality, organisations and individuals are excited to experiment with these cutting-edge technologies. Gartner predicts that by 2026, one in four people will spend at least an hour a day in the metaverse. Powered by emerging technologies such as digital twins and edge computing, almost one in three organisations will have metaverse-ready products and services.
As the metaverse matures, the new technology is already reimagining how essential services like healthcare operate. While still in its nascent stage, it could potentially redefine how healthcare services are delivered to patients. Especially in Australia, the strain on health care has never been more evident.
The federal health minister declared that primary care is “in worse shape than it’s been in the entire Medicare era” and has made it his top priority. The metaverse holds the potential to be the game changer we need to alleviate the national healthcare crisis. This convergence of technologies is giving rise to a new environment where the industry can accelerate learning, create collaborative experiences and connect from anywhere.
Transforming the patient experience
People today are savvy consumers of digital content and social media. Can we leverage familiarity with digital technologies to enable the population to take control of their health, without compromising the quality of care? The short answer? Yes.
-----
Coles has doubled its cybersecurity spending but wants clearer rules
Carrie LaFrenz and Brad Thompson
Updated Oct 31, 2022 – 7.56am, first published at Oct 30, 2022 – 4.24pm
Coles Group chief executive Steven Cain says business leaders need a clear regulatory framework for what the government deems as baseline preventive standards against cyberattacks.
Mr Cain said attacks were becoming more sophisticated and the business community was trying to understand what they needed to do to improve security following several high-profile breaches including hacks on telco Optus and health insurer Medibank.
Cybersecurity is one of the highest growth areas of expenditure within the tech budgets for companies – Coles has doubled its technology spending since demerging from Wesfarmers in 2018 and more than doubled its cybersecurity spending over that time.
Coles is among many major companies that benchmark themselves against the Australian Cyber Security Centre’s Essential Eight framework, which outlines a minimum set of preventive measures designed to make it harder to compromise systems.
Mr Cain said he would like to know what the expected standards were, aside from the “Essential Eight” program, and agreed that if companies did not follow known guidelines, they should be penalised.
-----
Will anything change after the Medibank hack?
Optus boss Kelly Bayer Rosmarin has been helping guide the health insurer by sharing her ‘learnings’ from an earlier data breach that exposed highly personal customer information.
October 28, 2022
Medibank customer Nathan Williams is nervous about what he doesn’t know he doesn’t know about having his personal information stolen.
The only communication the small business owner has received about having his private data stolen is one email from Medibank – and just one from Optus, another target for hackers where he also happens to be a customer – to say there had been a breach.
It’s been a shocking two weeks for Medibank. The nation’s biggest private health insurer said last week it had stopped a ransomware attack, then admitted some 1000 customers may have had their data stolen, before revealing on Wednesday that all 4 million of its current customers and as many as 1.5 million former clients may have been exposed to Russian hackers.
“I still don’t know what’s been leaked, and what they’ve actually got of mine,” says Williams who owns the Sydney brow salon Parlour B.
Medibank shares went into a tailspin after Wednesday’s announcement, shedding $1.8bn that day alone.
-----
There’s a reason you’re hearing about so many hacks
October 30, 2022 — 7.00pm
Late last month, Marcus Thompson, who was Australia’s first head of information warfare, was musing about the Optus hack at the end of an interview. He wasn’t shocked that such a breach had happened, Thompson said, but he was surprised the public had suddenly started to care.
“If large-scale cyberattacks are still generating surprise within the Australian community, then we’re in more trouble than I thought,” he wrote later.
While it feels like Australian businesses are in the midst of a hacking wave that has seen about 17 million records stolen in a spate that includes breaches on Optus, the particularly pernicious Medibank hack, and several others, this country has been swimming in a perilous ocean for years.
Last year, organisations notified the regulator of 900 data breaches “likely to result in serious harm.” That figure, experts believe, is a fraction of the total attacks because the Privacy Act excludes many organisations such as small businesses and state agencies. Globally, more than 11 billion records have been exposed over the last decade, Bloomberg found, and the severity of hacks is only getting worse.
But there are reasons things feel particularly bad right now.
-----
David.