Australia's eHealth record a security 'disaster'

Powered by SC Magazine

AusCERT chief warns of need for new approach.

One of Australia's most respected security professionals has warned that the Federal Government project to give citizens access to an electronic health record will lead to rampant fraud and privacy abuses.

Graham Ingram, general manager of infosec emergency response centre AusCERT told the Security on the Move conference in Sydney that the personally-controlled electronic health record project keeps him awake at night.

"E-Health worries me significantly," he told the conference, after explaining that his not-for-profit organisation is usually employed as the fire brigade to "put out the flames" after a breach incident.

The Health Minister has assured that PCEHR records will be secure from attack. But if such records are available at any time from any device over the public Internet, Ingram doubts it is possible.

"I am saying they are lying to us," he said.

"You can secure the back-end systems, absolutely.. what they haven't realised is that if you allow insecure endpoints to connect to that system, it's no longer secure."

Ingram told the audience that he doesn't understand why Australians need 'any time, any device' access to records.

"If I can view my electronic health record from the Qantas Club or internet cafe, we have a problem. If we can't secure the machines, we can't secure the records."

Ingram suggests the PCEHR system be accessible to citizens at secured terminals, installed at healthcare facilities, Medicare offices, or other institutions where access can be logged and controlled.

Ingram noted that the Government believes that "if the banks can do [online transactions], we can do it."

"But banks and eHealth records are two separate problems," he said.

"Banks don't care about the confidentiality of the transaction, it's the value and integrity of the transaction."

In an interview following his presentation (see below), Ingram noted that privacy breaches and health insurance fraud, concerning as they are, might be collateral damage in criminal schemes to gain access to pharmaceutical grade drugs.

"I think it will be disastrous," he said.

Copyright © SC Magazine, Australia

Australia's eHealth record a security 'disaster'
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.