Australia's eHealth record a security 'disaster'

Powered by SC Magazine
 

AusCERT chief warns of need for new approach.

One of Australia's most respected security professionals has warned that the Federal Government project to give citizens access to an electronic health record will lead to rampant fraud and privacy abuses.

Graham Ingram, general manager of infosec emergency response centre AusCERT told the Security on the Move conference in Sydney that the personally-controlled electronic health record project keeps him awake at night.

"E-Health worries me significantly," he told the conference, after explaining that his not-for-profit organisation is usually employed as the fire brigade to "put out the flames" after a breach incident.

The Health Minister has assured that PCEHR records will be secure from attack. But if such records are available at any time from any device over the public Internet, Ingram doubts it is possible.

"I am saying they are lying to us," he said.

"You can secure the back-end systems, absolutely.. what they haven't realised is that if you allow insecure endpoints to connect to that system, it's no longer secure."

Ingram told the audience that he doesn't understand why Australians need 'any time, any device' access to records.

"If I can view my electronic health record from the Qantas Club or internet cafe, we have a problem. If we can't secure the machines, we can't secure the records."

Ingram suggests the PCEHR system be accessible to citizens at secured terminals, installed at healthcare facilities, Medicare offices, or other institutions where access can be logged and controlled.

Ingram noted that the Government believes that "if the banks can do [online transactions], we can do it."

"But banks and eHealth records are two separate problems," he said.

"Banks don't care about the confidentiality of the transaction, it's the value and integrity of the transaction."

In an interview following his presentation (see below), Ingram noted that privacy breaches and health insurance fraud, concerning as they are, might be collateral damage in criminal schemes to gain access to pharmaceutical grade drugs.

"I think it will be disastrous," he said.

Copyright © SC Magazine, Australia


Australia's eHealth record a security 'disaster'
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 335

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote