Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, January 14, 2024

It Looks Like 2024 Is Really Going To Have Us Face Some Hard Questions In The AI Domain!

This popped up over the break: 

New laws to curb danger of high-risk artificial intelligence

By Lisa Visentin

January 14, 2024 — 5.00am

Legislation will govern the use of artificial intelligence in high-risk settings such as law enforcement, job recruitment and healthcare, with the Albanese government poised to legislate mandatory safety requirements in its first steps towards regulating the technology.

Industry and Science Minister Ed Husic said a new advisory body would work with government, industry and academic experts to devise the best legislative framework and define what constituted high-risk technologies and their applications across industries.

He said the starting point for assessing high risk would be “anything that affects the safety of people’s lives, or someone’s future prospects in work or with the law. Those are areas that are likely to be targeted by future changes.

“These technologies are going to shape the way we do our jobs, the performance of the economy and the way we live our lives. So what we need to ensure is that AI works in the way it is intended, and that people have trust in the technology.”

The move to legislate safeguards for high-risk AI forms a key plank of the government’s interim response to a consultation process launched last year on the safe and responsible use of AI, to be unveiled by Husic this week. The government received more than 500 responses to its discussion paper, including from tech giants Google and Meta, major banks, supermarkets, legal bodies, and universities. It said almost all the submissions called for action on “preventing, mitigating and responding” to the harms of AI.

Many countries are grappling with how to respond to the emerging risks from AI without stifling innovation, as the rampant take-up of generative chatbots like ChatGPT and automated machine learning systems has highlighted the potential for the technology to revolutionise entire industries. Consulting firm McKinsey has calculated the technology could add between $1.1 trillion and $4 trillion to the Australian economy by the early 2030s.

But the breakneck speed of AI development has triggered concern over the potential ethical and moral harms posed by its use and has led to a furious debate in tech circles. Last year, more than 350 researchers and executives working in AI, including ChatGPT creator and OpenAI chief executive Sam Altman, signed an open letter warning that mitigating the “risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war”.

Husic said the decision to focus on high-risk technologies while leaving low-risk applications unregulated was driven by the view that the vast majority of AI use was safe and driving major advancements in areas like education and medicine.

The government’s approach, at this stage, does not include mirroring steps like those taken by the European Union which, through its proposed AI Act agreed to by policymakers in December, will seek to ban certain uses of AI that pose an “unacceptable risk”. These include the creation of social credit-scoring systems, biometric profiling, and scraping of images from the internet to create facial recognition databases.

But Husic said the government would keep an open mind to stricter regulatory responses and was watching developments in other countries.

“If other jurisdictions like the EU are doing things that we think will work locally, then we’re very open to it. If there is a potential impact on the safety of people’s lives or their future prospects then we will act,” he said.

The new AI advisory body will consider options for the types of legislative safeguards that should be created and whether these should be achieved through a single AI Act or by amending existing laws.

One issue it will likely consider is how best to safeguard against algorithmic bias arising from incomplete data sets that can discriminate against people based on characteristics such as race or sex, which the Industry Department’s discussion paper highlighted as a major concern. The paper referenced overseas cases of law enforcement agencies relying on AI models to predict recidivism that disproportionately targeted minority groups, and employers using recruitment algorithms that prioritised male over female candidates.

Here is the link:

https://www.smh.com.au/politics/federal/new-laws-to-curb-danger-of-high-risk-artificial-intelligence-20240111-p5ewnu.html

There was also an associated editorial! 

 Government must meet challenge of identifying high-risk areas of AI

By The Herald's View

January 14, 2024 — 5.00am

The consensus of thinking around artificial intelligence (AI) is that 2024 is the year when we will really start to feel its impact.

The abilities of ChatGPT to write poetry in the style of William Wordsworth, for example, or to compose computer coding is now familiar. The useful and commercial potential of AI when it comes to medicine and science is rapidly being investigated and exploited. Researchers are now exploring whether AI can be used to interpret the results of bowel cancer scans faster and more accurately than a human.

Much like the impact of the launch of the World Wide Web in 1993, AI comes with very obvious and immediate benefits as well as yet-to-be-realised and potentially detrimental ramifications.

Apposite, then, that the federal government will take steps to endeavour to control the impacts of AI applications after a consultation process it began last year, seeking views on whether Australia has the right governance in place to support the safe and responsible use and development of AI.

As our political correspondent Lisa Visentin writes today, more than 500 submissions were received in response to the government’s discussion paper, and almost all of them called for the government to act on “preventing, mitigating and responding” to the harms of AI.

As a result, the government will this week unveil its interim response, which will include mandatory safety guardrails for AI in high-risk settings. The government concedes: “When AI is used in high-risk contexts, harms can be difficult or impossible to reverse such that specific guardrails for AI design, development, deployment and use may be needed.”

That, it says, could mean amendments to existing laws or through a dedicated legislative framework to be implemented by the establishment of a new expert advisory body.

The government recognises the upside of AI; economic modelling estimates that adopting AI and automation could add an extra $170 billion to $600 billion a year to Australia’s GDP by 2030.

In formulating a policy response, the federal government recognises the vast majority of AI uses are low risk and says legislation that targets high-risk areas allows the low risk to flourish unimpeded.

But therein lies the challenge. We want to enjoy the benefits of AI, but this brings with it the need and responsibility to identify high-risk areas that could have big impacts, particularly irreversible ones.

The European Union is further down the path of legislation, reaching a provisional agreement on the Artificial Intelligence Act to ensure AI in Europe “is safe, respects fundamental rights and democracy, while businesses can thrive and expand”.

The list of banned applications, exemptions, obligations for high-risk systems and proposed guardrails is a complex one.

The definition of high risk includes AI systems with significant potential harm to health, safety, fundamental rights, environment, democracy and systems used to influence the outcome of elections and voter behaviour.

The proposed EU legislation means citizens will have a right to launch complaints about AI systems and receive explanations about decisions based on high-risk systems that affect their rights.

Infrastructure systems (water, gas, electricity), systems determining access to educational institutions or recruitment, law enforcement, border control, administration of justice, biometric identification and emotion recognition are also areas deemed high risk.

Brando Benifei of Italy’s Partito Democratico said after the agreement: “Thanks to the European Parliament’s resilience, the world’s first horizontal legislation on artificial intelligence will keep the European promise – ensuring that rights and freedoms are at the centre of the development of this ground-breaking technology. Correct implementation will be key.”

The Australian government is to be applauded for its early recognition of the potential risks posed by AI. We believe it should now move forward with equal expediency in closely identifying and ring-fencing the high-risk areas. Sufficient financial resources must be given to ensure that it can achieve those goals without delay. Australian citizens should expect nothing less.

Here is the link:

https://www.smh.com.au/national/nsw/government-must-meet-challenge-of-identifying-high-risk-areas-of-ai-20240112-p5ewuc.html

I have the feeling this is going to be a transitional year as many services and entities figure out just what the role of AI will be, what the economic and human impact will be and what the right way to proceed is.

In healthcare clinical decision support (a form of AI) has been around for decades and many are used to the way our various activities and processes are influenced by automated guidance.

In many other disciplines AI is yet to be explored as fully but you can be sure work is underway apace!

Tools like ChatGPT have made a huge impact and opened thinking widely on what is possible to a huge degree. They are also turning out to be useful testbeds.

I expect an ongoing and fascinating news flow all this year and on into the future. Let me know how I went with this one this time next year!

David.

AusHealthIT Poll Number 729 – Results – 14 January, 2024.

Here are the results of the poll.

Will The Rather Sudden Banning Of Addictive Vapes Nationally Cause A Large Black Market To Emerge Pretty Quickly?

Positive: 46 (100%)

Negative: 0 (0%)

I Have No Idea: 0 (0%)

Total No. Of Votes: 46

As clear a vote as we ever see on this little poll. The message is that the powers that be had better get their act together or there will be addictive vapes everywhere.

Any insights on the poll are welcome, as a comment, as usual!

A great number of votes. But also a very clear outcome! 

0 of 46 who answered the poll admitted to not being sure about the answer to the question!

Again, many, many thanks to all those who voted! 

David.

Thursday, January 11, 2024

This Is An Important Statement Of A Perfectly Sensible Position On Health Information Access.

This was released a day or so ago.

GPs and pathologists raise concerns over plans to remove 7-day delay for all pathology results on My Health Record

Royal Australian College of GPs and Royal College of Pathologists of Australasia

The Royal College of Pathologists of Australasia (RCPA) and the Royal Australian College of General Practitioners (RACGP) have warned the Government’s proposal to remove the 7-day delay for all pathology and diagnostic imaging reports on My Health Record may lead to misinformation and patient distress.

Both the RCPA and RACGP support sharing healthcare data with patients, but want the current 7-day delay for tests not already available in real time to remain in place. This allows doctors to help patients understand and interpret results in a safe and caring setting. The colleges also request the Government include them in any future consultation.

President of the RCPA, Associate Professor Trishe Leong, said patients should review results with a specialist.

“The RCPA believes that patients should be fully engaged in managing their care, and access to diagnostic information is part of that management,” Associate Professor Leong said.

“We therefore support the sharing of information without barriers to access, such as the 7-day rule, overall. However, it is critical that if these delays are removed, consumers are advised to review their results with their GP or other specialist and are also provided with evidence-based information on pathology testing such as Pathology Tests Explained, and contact details for general support services, such as GPs and Lifeline.

“Whilst the RCPA acknowledges that there is potential for improved care through the quicker provision of results and less patient anxiety, we must consider the unintended consequences of a patient failing to return for a clinical appointment because results are within the normal range or misinterpreted. This significantly impacts patient care and requires a system for monitoring. Similarly, the impact on healthcare providers needs to be considered, with increased communication from patients to the referring healthcare providers or directly to the laboratories, wanting to know the meaning of an unexpected abnormal result.”

Currently, patients must wait seven days before they can access most pathology and diagnostic imaging reports that have been shared to My Health Record. This delay allows healthcare providers to review and schedule appropriate follow-up with their patients.

Under the proposed changes, the 7-day delay will be removed for all pathology and diagnostic imaging reports, meaning patients will be able to access results as soon as they are shared to My Health Record.

RACGP President Dr Nicole Higgins said the delay gives GPs and patients a vital opportunity to discuss results.         

“We strongly support patients having access to their results and medical history,” Dr Higgins said.

“GPs and other specialists don’t seek to be medical gatekeepers, but we are there to support our patients to understand their results, treatment options and next steps. The 7-day delay gives us and our patients time to make an appointment where we can sit down and have those important conversations.

“Much of the terminology entered into My Health Record is written for doctors, by doctors, and has to be understood in the context of a patient’s medical history and other health factors and conditions. Patients often get good insights and find support by looking into their results, but it’s important they know what their results mean for them. That’s the value of having a usual GP.

“A pathology result can be stressful, so there’s real value to having a two-way discussion with a trusted medical professional. There is also a worrying amount of vague, unapplicable, and outrightly incorrect information online. Patients who have worked with a doctor to understand their health are better supported to know what information applies to them, and what doesn’t.

“If this change does go ahead, at the minimum it should not happen without an education campaign for patients so they can understand the risks of interpreting their own results. There will need to be clear advice in the My Health Record advising patients to discuss results with their doctor.”

Both colleges recommend some diagnostic tests are considered for exclusion if the 7-day rule is removed. This includes anatomical pathology and cytopathology reports, which are often discussed at multidisciplinary team meetings to determine an appropriate clinical path, and genetic test results which often carry broader, more long-term, and more complex implications than other pathology results.

“Anatomical pathology and cytopathology reports can be very complex, and consideration is required as to whether their immediate release is in the consumers’ best interest,” Associate Professor Leong said.

“Genetic test results are often probabilistic, have consequences for family members, have potential psychological impacts, can have unanticipated implications, and vary in their actionability and therapeutic options. Post-test counselling is therefore considered crucial to prevent potential patient harm from specific genetic tests and results.

“Pathologists and requesting doctors are best placed to determine when specific genetic tests or results require post-test counselling. To allow for such counselling, providers should have the discretion to delay releasing results for up to seven days when clinically warranted.”

Noting that there will be exceptions to immediate publication to My Health Record, the RCPA and RACGP recommend that there is broad consultation on the exceptions. The colleges request that they are a partner in those consultations with Government to ensure there is appropriate oversight and governance of these decisions.

About the RACGP

The Royal Australian College of General Practitioners (RACGP) is the peak representative organisation for general practice, the backbone of Australia’s health system. We set the standards for general practice, facilitate lifelong learning for GPs, connect the general practice community, and advocate for better health and wellbeing for all Australians.

Visit www.racgp.org.au

About the Royal College of Pathologists of Australasia (RCPA):

The RCPA is the leading professional organisation representing pathologists, medical specialists and scientists who provide pathology testing in Australasia.  Its mission is to train and support pathologists and to improve the use of pathology testing to achieve better healthcare.

For further information on the RCPA, please visit www.rcpa.edu.au or see updates on Facebook - @PathologyRCPA, X (Formerly Twitter) - @RCPAPresident, @PathologyRCPA, or Instagram - @the_rcpa #RCPA #pathology #MedicineIsPathology.

Media contacts:

John Ronan
Media Adviser

Ally Francis
Media Adviser

Stuart Winthrope
Media Officer

Contact: 03 8699 0992, media@racgp.org.au

Follow us on Twitter: @RACGP and Facebook.

---- End Release.

The position stated above is more than sensible and will minimize worry among patients by making sure results that are concerning are able to be explained by the patient’s doctor to the patient.

David.

Wednesday, January 10, 2024

The AIDH Appoints An Experienced Conference Organiser As CEO – Digital Health Experience Not So Much.

 This release appeared today.

AIDH appoints new CEO

Jan 10, 2024 | AIDH news, Australian Health News, Board, Featured, Member news

The Australasian Institute of Digital Health (AIDH) Board is pleased to advise that Anja Nikolic will soon be joining the Institute as CEO.

Anja has had an extensive career in membership organisations, working across Business Development, Conference/Events Management, Product, Member Services and Communications. She is currently the Chief Executive Officer at the Australian Physiotherapy Association (APA); a national organisation with over 30,000 members.

Anja is excited to take on the opportunity to grow the influence and impact of the AIDH, to support the digital capabilities of the healthcare workforce and achieve our vision of Healthier Lives, Digitally Enabled. Anja will commence at AIDH on 25 March 2024.

The Board would like to thank Mark Nevin FAIDH for his term as Interim CEO since July 2023, through to the time Anja commences in March. Mark has worked tirelessly to lead the AIDH team, support delivery of quality programs, and improve maturity in internal governance and controls. We look forward to continuing to work with Mark in his capacity as a Fellow of the Institute and wish him all the best for the future.

----- End Release

I do really feel it would be nice to have some Digital Health expertise – but there you go!

I guess the AIDH is mainly a conference organiser these days – for better or worse!

David.

Funny How Your Past Can Come Back All In A Rush! A Good Reminder Of Times Past.

 I noticed this a day or so ago.

Colorful Mystery Solved: Scientists Discover Enzyme That Makes Urine Yellow

Finding Could Illuminate Future Studies of Gut Health and Inflammatory Bowel Disease

Researchers at the University of Maryland and National Institutes of Health have identified the enzyme responsible for giving urine a yellow hue, and it’s more than a matter of idle curiosity or grade-school giggles.

The microbial enzyme known as bilirubin reductase was introduced in a study published Wednesday in the journal Nature Microbiology, paving the way for further research into the gut microbiome’s role in ailments like jaundice and inflammatory bowel disease.

“It’s remarkable that an everyday biological phenomenon went unexplained for so long, and our team is excited to be able to explain it,” said lead author Brantley Hall, an assistant professor in UMD’s Department of Cell Biology and Molecular Genetics.

When red blood cells degrade after their six-month lifespan, a bright orange pigment called bilirubin is produced as a byproduct. Bilirubin is typically secreted into the gut, where it is destined for excretion but can also be partially reabsorbed. Excess reabsorption can lead to a buildup of bilirubin in the blood and can cause jaundice—a condition that leads to the yellowing of the skin and eyes. Once in the gut, the resident microorganisms can convert bilirubin into other molecules.

Lots more here:

https://today.umd.edu/colorful-mystery-solved-scientists-discover-enzyme-that-makes-urine-yellow

Reading this I was reminded that 50 years ago I was also interested in bilirubin and its damaging effects on premature neonates. The high bilirubin levels were a marker of an immature metabolism and very high levels often warned of a poor outcome, and a nasty syndrome called kernicterus, which is associated with mental impairment.

I was reminded of this VERY old paper:

Clin Chem  1975 Oct;21(11):1638-43.

Fluorometric determination of "albumin-titratable bilirubin" in the jaundiced neonate

S B McCluskey, G N Storey, G K Brown, D G More, W J O'Sullivan

PMID: 1164793

Abstract

We report a fluorometric technique for determination of albumin-titratable bilirubin in the jaundiced neonate. Although bilirubin alone has very little native fluorescence, considerable emission is observed in the presence of albumin under acid conditions. Analysis of the plasma sample alone and in the presence of excess human serum albumin solution appears to reflect the bilirubin tightly bound to albumin and the total serum bilirubin, respectively. The difference between these two values has been designated as "albumin-titratable bilirubin". Where the concentration of albumin-titratable bilirubin is considerable, a typical saturation effect is observed. In samples where the circulating bilirubin is strongly bound to endogenous albumin, no change in fluorescence is seen when exogenous albumin is added. Results correlate well with the clinical picture.

Here is the link:

https://pubmed.ncbi.nlm.nih.gov/1164793/

In the 50 years since this work was done it really seems that the importance of neonatal jaundice and what to do about it is well established and that has to be a very good thing!

I have had a quick browse to find a current reference site and this looks like a great place to start and to see how things have moved on since I was first interested!

https://www.ncbi.nlm.nih.gov/books/NBK532930/

Neonatal Jaundice

Betty Ansong-Assoku; Sanket D. Shah; Mohammad Adnan; Pratibha A. Ankola.

Last Update: February 20, 2023.

Great to see progress really does happen, and from all over! I certainly can’t take any credit!!!!

Hoping Digital Health news ramps up soon!

David.

Sunday, January 07, 2024

It’s 2024 And It Seems Like The Hackers Are Still Winning. For How Much Longer?

This appeared a few days ago:

Low cost, high reward: The hackers holding Australia to ransom

By David Swan and Colin Kruger

January 6, 2024 — 5.00am

If the skull and crossbones wasn’t already threatening enough, the accompanying message made the situation clear.

“If you see this text, then your files are no longer accessible, because they have been encrypted” was the text that greeted workers when they switched on their computers at Cadbury’s factory in Hobart. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

The Petya ransomware attack in June 2017 halted chocolate bar production in Hobart and ultimately cost Cadbury’s parent company, Mondelez International, an estimated $140 million in lost revenue. It was also among the first of what has become an avalanche of ransomware attacks to hit Australian businesses, which industry insiders say are chronically underprepared to deal with such incidents.

St Vincent’s Health and Court Services Victoria recently joined the fast-growing list of high-profile organisations scrambling to respond to debilitating cyber incidents, which have by now impacted almost every Australian.

The attacks are not an outlier but are instead a “new normal”, according to cyber professionals, who say a cultural shift is needed more than any new suite of technical defences. They say Australia was never a primary target for cybercriminals until recently, and they hope the recent spate of attacks will serve as a belated wake-up call after years of a lack of interest and underinvestment.

Jamieson O’Reilly is the founder of cybersecurity firm Dvuln, which Australian companies and government agencies pay to find IT vulnerabilities. “Security in Australia is by and large still considered a grudge purchase,” O’Reilly says. “We need a cultural shift.”

A 17-year-old can pay less than $100 to gain access to an infected computer belonging to an employee of a billion-dollar company, according to O’Reilly, and the balance of power now rests squarely with the hackers.

While the idea of a teenage “script kiddie” – a novice hacker using unsophisticated tools – might seem like the stuff of a bad 1990s movie, the threat to some of Australia’s biggest businesses is very real.

“Optusdata”, the anonymous hacker who in late 2022 made away with the personal data of more than 10 million Optus customers before backing down from a $1.5 million ransom threat, was described as “unprofessional” and “stupid” by their hacker peers on the dark web.

The Optus mass data breach occurred through an unprotected and publicly exposed end point, meaning anyone who discovered it could connect to it without submitting a username or password. The attack was far from sophisticated, according to O’Reilly and other experts.

“For attackers, especially those utilising low-cost, high-reward strategies, the investment is minimal compared to the potential pay-off, which can range from financial gain to significant data breaches – or even reputational damage to the targeted organisation,” O’Reilly says.

According to the Australian Signals Directorate, an intelligence agency, more than 127,000 hacks against Australian servers were recorded between the 2022 and 2023 financial years. This marked an increase of more than 300 per cent over the prior year – and O’Reilly says that matches what he’s seeing on the ground. 

In the shadows

O’Reilly spends much of his time monitoring the dark web, which ransomware groups use to leak data and boast about their bounties. He regularly reports his findings to the Australian Signals Directorate.

The dark web is a shadowy part of the internet accessible only through special software, allowing users to remain anonymous. It is commonly used for illegal activities such as buying and selling drugs and weapons, as well as stolen credentials.

The group suspected to be behind the 2022 Medibank data breach, Russian cybercriminal gang REVil, posted customer names, birthdates and Medicare details under “good” and “naughty” lists on its dark web site named Happy Blog. The leaked data included patients who had undergone treatment for drug addictions and terminated non-viable pregnancies.

“I recommend to sell Medibank stocks,” the group said in the post, along with a quote from Confucius: “A man who committed a mistake and doesn’t correct it is committing another mistake.”

A person claiming to be the Medibank hacker told this masthead in broken English via email during the incident that they would have not leaked the stolen data had the company paid up. Medibank publicly ruled out paying the hackers the $US9.7 million ($14.5 million) they demanded, and the federal government had also advised against payment.

The government is currently weighing a total ban of ransomware payments, though company directors say the payments may be justified to avoid catastrophic outcomes.

“We do business in our way, and we never targeted any particular people for that – only companies,” the purported hacker said via email.

“We ask a similar price, as on blackmarket for that detailed data about Medi customers. And where Medi refuses to pay – we should earn some money, to cover our efforts. Talking that way, Medibank in fact forces us, to sphread [sic] customers data.”

With attacks surging, the federal government is under increasing pressure to help organisations defend themselves. Cybersecurity Minister Clare O’Neil described financially motivated hackers and extortionists as “public enemy No.1” when she launched the government’s new cyber strategy late last year.

O’Neil said Australia faced the most challenging circumstances since the Second World War, and that cybersecurity would be integral to how the events of the coming decade played out.

‘A good start’

The federal government’s “six shield” strategy includes $291 million in support for small and medium-sized businesses, including the creation of a cyber health-check program offering free and tailored cybersecurity assessments to business owners. It has a stated goal of making Australia the world’s safest cyber nation by 2030.

Many cybersecurity professionals aren’t convinced that’s possible but acknowledge it’s a goal worth pursuing.

“What Clare O’Neil and the current government have been doing is a good start, but it’s been attempted before, and we need to ensure it survives future political changes. Cybersecurity is no longer a nice to have; it’s a fundamental component of everything we do,” O’Reilly says.

He says Australia needs to find a way to ensure cybersecurity strategies are consistent across jurisdictions and are not beholden to the government of the day.

“One thing we can learn from our so-called ‘adversaries’, the people hacking us, is that consistency is key.”

In late 2022, in response to the Optus and Medibank breaches, the parliament passed legislation that can result in businesses being fined $50 million for repeated or serious data breaches.

Tony Burnside, head of Asia Pacific at cybersecurity giant Netskope, says we should be encouraged that Australia has a hands-on and proactive government when it comes to cybersecurity.

“The new cybersecurity strategy, which I think we can say has been well received overall, focuses on the right issues that need to be addressed now, and will act as a good framework for new legislation that will help Australian organisations and individuals be more secure,” he says.

“Our global alliances, especially in the context of AUKUS, also equip us with solid offensive and defensive state cybersecurity capabilities.

“Some organisations and parts of the populations are still fairly vulnerable compared to other countries, though... We weren’t exactly a primary target for cybercriminals until recently, and this has created some complacency and a feeling that major cyberattacks wouldn’t occur here.

“In the past 18 months there has been a wake-up call.” 

Bolstering the defences

Netskope’s most-recent threat report found the majority of cyber threats targeting Australian organisations were criminally motivated, with only 12 per cent of attacks having a geopolitical motivation. Both the Medibank and Optus hackers demanded millions in ransom payments.

At Medibank’s shareholder meeting in November, chairman Mike Wilkins emphasised that the private health insurer had ramped up its security.

“The board has been overseeing a group-wide program of work that aims to continue uplifting and embedding the technology, processes and security culture within Medibank to support our customer promise of being a trusted health partner,” he said.

Port operator DP World, another recent hacking victim, is improving its security as well.

“We undertook a thorough review of our security controls with the assistance of third-party cyber expertise,” a spokesman says.

“In order to reduce the likelihood of similar incidents occurring, we are working through a cyber remediation plan to implement additional controls, limit access to external applications to certain addresses and countries only, implement additional end-point and network detection and response capabilities.”

CBA chief Matt Comyn said the bank was “conscious of and spend a lot of time, effort and resources on issues such as cybersecurity given the risks presented by such threats nationally and globally”.

“We’ve already seen a number of examples of how damaging a breach of cybersecurity can be and that is a warning to us all to take the necessary and vitally important steps to protect ourselves from these increasing attacks,” Comyn said.

But some of Australia’s biggest companies such as IAG, the insurance group behind brands like NRMA Insurance, CGU, SGIO, are not waiting for hackers to come knocking.

“We take cyber and data risk very seriously and we continue to invest heavily in this area,” says IAG’s chief risk officer, Peter Taylor.

“We are also an active participant in broader industry and government initiatives to enhance cyber resilience more generally.”

Cybersecurity provider CyberCX is working with St Vincent’s Health to remediate and respond to its recent cyberattack. It’s still unclear whether any sensitive health data was stolen in that attack, which people close to the investigation say was likely financially motivated. The company is also working with the Australian Open to safeguard the coming tournament. 

All organisations at risk

The Medibank and St Vincent’s Health data breaches were facilitated through compromised staff accounts, according to investigators. Hackers typically compromise accounts through social engineering or phishing attacks – emails that seem legitimate and encourage users to enter their login information.

All Australian organisations are at risk, according to CyberCX’s financial services and insurance industry director, Shameela Gonzalez.

“More than green text on a black screen, executives are anxious about the 2am phone call, or the contact from a customer instead of catching it themselves,” Gonzalez says.

“It’s the combined challenge of scrambling to understand what has happened, re-securing systems without inflicting more damage, and communicating effectively in a matter of hours … It’s a tough ask, even before you consider that someone out there is working just as hard to do you harm.

“Simply buying more tools and more technology isn’t the answer here.”

Gonzalez agrees with O’Reilly in that one clear answer when it comes to cybersecurity is a cultural one.

“Organisations that weather and thrive following a cyber incident have a strong culture of resilience, have invested in securing their networks and systems to do what they can to prevent a breach, and have prepared as best they can for an attack in this ‘when’, not ‘if’ environment.”

Another answer may be for businesses to simply collect less data on their consumers. In November, the government flagged a review of mandatory data legislation, passed in 2015, which requires telecommunication companies to hold customer information including names, call records and other data for two years. 

Attacks to intensify

Ashwin Ram, cybersecurity evangelist at Check Point Software, says an organisation in Australia is being attacked on average nearly 700 times a week over the past six months.

He says it’s a mistake, however, to read the recent headlines about the St Vincent’s Health and Court Services Victoria hacks and assume that they are the work of a criminal mastermind. “There’s nothing sophisticated about these cyberattacks,” Ram says.

“These recent ones appear to be financially motivated, and cybercriminals are extorting as much as possible from their victims. Many attacks begin with some form of social engineering, such as the one against Court Services Victoria, where email was the delivery mechanism for initial access.

“The most common attack vectors include phishing, cloud misconfiguration, software vulnerabilities, and compromised credentials, as was the case in the St Vincent’s Health breach.”

For Ram, it’s not the regularity of the attacks that is most worrying. It’s that cybercriminals also now have access to generative AI tools, allowing them to create highly effective phishing campaigns that are nearly impossible to detect.

Ram and other cyber experts are predicting a further surge in cyberattacks over the next year given the rise in AI tools such as ChatGPT.

“Over the next year, cybercriminals will increasingly leverage generative AI to develop new tools for cyberattacks,” he says. “This trend will also lower the barrier to entry, enabling less technically proficient individuals to engage in malicious activities, as advanced skills are no longer a prerequisite for creating attack tools.”

More here:

https://www.smh.com.au/technology/low-cost-high-reward-the-hackers-holding-australia-to-ransom-20240105-p5evcg.html

It is a rather sad state of affairs that so early in the year we have to be reminded of the evil-doers out there and how we are really continuing to lose the war!

Each year the stakes are just that much higher and it really seems that we have reached some form of truce in the cyber war with the harm done being bad but not bad enough to provoke a really successful and sustained response!

I wonder will this be the year where AI and intelligent agents of some sort just clean up behind us and harm is reduced to an insignificant level permanently. I am sure such an outcome is in our futures. If not this year, some time soon!

David.

Thursday, January 04, 2024

It Has Really Been A Pretty Shaky And Sad Beginning To 2024.

This appeared earlier today.

Why the fates of Ukraine, Israel and Taiwan hang in the balance

Americans and Europeans truly have blindfolds on if they think they can raise their glasses to a happy new year while missiles rain down on Kyiv.

Niall Ferguson

Updated Jan 4, 2024 – 10.07am, first published at 5.00am

Twenty years ago, I published Colossus: The Price of America’s Empire. I had wanted to call it Blind Colossus: The Rise and Fall of the American Empire. In the still jingoistic atmosphere that had followed the terrorist attacks of September 11, 2001, my publisher dissuaded me. By the time the paperback came out, I could at least insist on my preferred subtitle.

Despite the passage of two decades, the book’s core arguments still stand up. Indeed, the tragic spectacle unfolding in Ukraine reminds me why I wrote the book in the first place. Americans – and Europeans, whose wealthy yet geopolitically inconsequential Union I also criticised – truly have the blindfolds on if they think they can raise their glasses to a happy new year while missiles rain down on Kyiv. Writing in 2003, I was not in principle against a pax americana in succession to the pax britannica of the 19th and early 20th centuries. I took (and still hold) the now heretical position that most history is the history of empires; that no empire is without its injustices and cruelties; but that the English-speaking empires were, in net terms, preferable for the world than the plausible alternatives, then and now.

However, I was sceptical about the neoconservative project to reorder the “greater Middle East” under the cover of a “global war on terror” in retaliation for September 11. I particularly doubted that the United States would be able to achieve its goals of transforming the governments of Afghanistan and Iraq into its allies – or at least satellites. Had Britain’s imperialists succeeded in taming the wild lands north of the Khyber Pass, much less ancient Mesopotamia?

The reasons for my scepticism were what I called the “three deficits” of America’s strange empire that dared not speak its own name. The first was the economic deficit – the federal government’s fiscally unsustainable path, which would make long-lasting military and administrative commitments abroad difficult to afford. More broadly, the United States was a net importer of capital and hence a massive global debtor, in marked contrast to Victorian Britain, which accumulated a vast stock of overseas investments. If you want to run the world, it helps to own much of it, rather than to owe it.

The second was the manpower deficit – unlike 19th-century Britons, most Americans have no great enthusiasm for spending large parts of their lives in far-flung hot, poor and dangerous countries. Consider the short tours of duty served by most military personnel who were deployed to Afghanistan and Iraq, not to mention the way many US bases tended to be cut off from the local populations.

Likewise bunkered in bomb-proof embassies, deficient in local-language proficiency, and wedded to first-world comforts, few American Foreign Service Officers have “gone native” in the past 20 years. They didn’t get the chance.

Finally, and most importantly, there was the attention deficit – the tendency of the American electorate (and therefore its elected representatives) to lose interest in any foreign enterprise that takes longer than a few years to complete. The prediction that the American appetite for reordering the Middle East would not outlast George W. Bush’s first presidential term proved correct. Barack Obama based his meteoric rise on not having supported the war and went on to tell the world that America was no longer “the world’s policeman”. (Syrians soon learnt what that meant in practice.)

All that has happened since 2003 has confirmed that the three deficits remain a powerful constraint on the exercise of American power abroad. The fiscal deficit now far outstrips what it was 20 years ago. The total federal debt was 59 per cent of GDP in 2003; last year it was double that (120 per cent). The manpower deficit today manifests itself as the armed services’ growing difficulty in finding willing, able-bodied recruits: At 452,000 active-duty soldiers, the US Army is the smallest it has been since 1940. Finally, the attention deficit disorder is now so severe that the public expresses impatience with wars it is merely being asked to support with money and material. No American has been obliged to fight to defend Ukraine against Russia’s criminal invasion. And yet, according to recent polling, nearly four in 10 Republicans think that “in terms of military support, America is already doing too much”.

Vastly more here and really excellent reading:

https://www.afr.com/world/europe/the-fate-of-ukraine-hangs-in-the-balance-20240101-p5eujb

It really seems that 2024 has started pretty badly and it is hard to be very optimistic right now!

On the Digital Health front I plan to wait a few weeks to see what interesting initiatives are announced for 2024 and what progress is reported for last year. Time will tell I guess…..

David.