Australia's eHealth record a security 'disaster'

Powered by SC Magazine
 

AusCERT chief warns of need for new approach.

One of Australia's most respected security professionals has warned that the Federal Government project to give citizens access to an electronic health record will lead to rampant fraud and privacy abuses.

Graham Ingram, general manager of infosec emergency response centre AusCERT told the Security on the Move conference in Sydney that the personally-controlled electronic health record project keeps him awake at night.

"E-Health worries me significantly," he told the conference, after explaining that his not-for-profit organisation is usually employed as the fire brigade to "put out the flames" after a breach incident.

The Health Minister has assured that PCEHR records will be secure from attack. But if such records are available at any time from any device over the public Internet, Ingram doubts it is possible.

"I am saying they are lying to us," he said.

"You can secure the back-end systems, absolutely.. what they haven't realised is that if you allow insecure endpoints to connect to that system, it's no longer secure."

Ingram told the audience that he doesn't understand why Australians need 'any time, any device' access to records.

"If I can view my electronic health record from the Qantas Club or internet cafe, we have a problem. If we can't secure the machines, we can't secure the records."

Ingram suggests the PCEHR system be accessible to citizens at secured terminals, installed at healthcare facilities, Medicare offices, or other institutions where access can be logged and controlled.

Ingram noted that the Government believes that "if the banks can do [online transactions], we can do it."

"But banks and eHealth records are two separate problems," he said.

"Banks don't care about the confidentiality of the transaction, it's the value and integrity of the transaction."

In an interview following his presentation (see below), Ingram noted that privacy breaches and health insurance fraud, concerning as they are, might be collateral damage in criminal schemes to gain access to pharmaceutical grade drugs.

"I think it will be disastrous," he said.

Copyright © SC Magazine, Australia


Australia's eHealth record a security 'disaster'
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1800

Vote
Do you support the abolition of the Office of the Information Commissioner?