One of Australia's most respected security professionals has warned that the Federal Government project to give citizens access to an electronic health record will lead to rampant fraud and privacy abuses.
Graham Ingram, general manager of infosec emergency response centre AusCERT told the Security on the Move conference in Sydney that the personally-controlled electronic health record project keeps him awake at night.
"E-Health worries me significantly," he told the conference, after explaining that his not-for-profit organisation is usually employed as the fire brigade to "put out the flames" after a breach incident.
The Health Minister has assured that PCEHR records will be secure from attack. But if such records are available at any time from any device over the public Internet, Ingram doubts it is possible.
"I am saying they are lying to us," he said.
"You can secure the back-end systems, absolutely.. what they haven't realised is that if you allow insecure endpoints to connect to that system, it's no longer secure."
Ingram told the audience that he doesn't understand why Australians need 'any time, any device' access to records.
"If I can view my electronic health record from the Qantas Club or internet cafe, we have a problem. If we can't secure the machines, we can't secure the records."
Ingram suggests the PCEHR system be accessible to citizens at secured terminals, installed at healthcare facilities, Medicare offices, or other institutions where access can be logged and controlled.
Ingram noted that the Government believes that "if the banks can do [online transactions], we can do it."
"But banks and eHealth records are two separate problems," he said.
"Banks don't care about the confidentiality of the transaction, it's the value and integrity of the transaction."
In an interview following his presentation (see below), Ingram noted that privacy breaches and health insurance fraud, concerning as they are, might be collateral damage in criminal schemes to gain access to pharmaceutical grade drugs.
"I think it will be disastrous," he said.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.