The Australian Digital Health Agency has disclosed details of the multi-layered security measures deployed to protect the My Health Record from compromise.
In its submission [pdf] to a senate inquiry into the e-health record system, the agency has given the most comprehensive exploration to date of its defence in depth security approach.
It identifies the controls, applied under that principle, that are used for day-to-day security of the My Health Record at the perimeter, internal network, host, application and data layers.
“To protect sensitive health data stored in the My Health Record system, the agency employs multiple layers of security to protect the system from malicious attack,” the submission states.
“This approach, known as defence in depth, is based on the idea that any single method of defence can be bypassed, so it is important to implement a range of security measures that work simultaneously to protect our critical data.”
The agency said it employs “firewalls with appropriate filtering rules, border routers, demilitarized zone (DMZ), and virtual private networks (VPNs)” to protect the perimeter network, complemented by further security controls at the internal network layer.
“This includes network segmentation, encryption measures to protect data in transit, network monitoring and analysis, network access control and authentication, and in-line malicious content filtering,” the agency said of the internal network layer.
At the host layer, the agency has deployed protective measures focused on securing the host operating system and workstations.
These measures consist of “host-based anti-virus protection, host-based access control and authentication, port control, patch management processes, security information and event monitoring, host hardening, measures to prevent direct access to the host (lockdown mode), vulnerability management solutions, host-based firewall, host-based intrusion detection and intrusion prevention systems and file integrity monitoring”, it said.
Elsewhere, the agency has applied “strong authentication and access control measures, input validation, content filtering software, and application hardening” at the application layer.
Protective measures have also been used for the data layer, including “encryption to protect data at rest, a strong backup and recovery regime, and tightly controlled access provisions”.
The agency also said that the system, which is accredited under the federal government’s Information Security Manual (ISM), undergoes regular penetration testing and is continuously monitored to protect against risks.
The detailing of the security measures comes at a time when ADHA's security posture continues to face questions.
The agency maintains that the Record has not suffered a security breach since it launched in 2012, despite a number of cases of unauthorised access being reported to the Office of the Australian Information Commissioner.
The agency also used its submission to address concerns that the systems of healthcare providers connecting to the My Health Record aren’t secure.
It said organisations were required to “pass strict conformance requirements” and use “conformant software which has a secure and encrypted connection” before connecting with the My Health Record.
900,000 Aussies opt out
The senate inquiry was called to probe the privacy and security concerns that have been raised about the system since the opt-out period began on 16 July, as well as the expected benefits of the e-health record system and the decision to shift to opt-out.
It has so far held two public hearings, at the most recent of which ADHA chief Tim Kelsey revealed that around 900,000 individuals eligible for a record had opted out by phone or using the online portal.
While this figure doesn’t include individuals who have opted out via paper form, he said at the hearing on Monday evening that the figure was “significantly lower” than the agency had originally forecast.
The Community Affairs References Committee is expected to hand down its report on October 8.