Somebody Tried To Hack Australia’s My Health Record Database
A parliamentary inquiry has heard My Health Record, that big pot of Australian health data, has faced two potential data breaches since July 2019.
The Australian Digital Health Agency, who operates the controversial My Health Record, detailed to a parliamentary inquiry on Tuesday morning that the system had faced potential data breaches, threatening to expose the data of millions of Australians, as reported by iTNews.
Its chief information officer Ronan O’Connor revealed My Health Record had faced two hacking threats in the preceding 11 months — one, a false alarm and the other undertaken by an unknown hacker.
“Somebody tried to hack our system, so the external perimeter for our system,” O’Connor told the parliamentary inquiry on Tuesday.
“I want to assure the committee that there was no access into the My Health Record whatsoever. No information or personal sensitive information was accessed.”
The system was launched back in 2012 under the Gillard government but in 2019, patient data was centralised, storing a person’s sensitive health information such as allergies, current medicines or treatments, medical conditions and blood test results in the one file.
O’Connor added that while they launched a joint investigation with Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) to find out who had tried to hack the datastore, they never uncovered who the perpetrators were.
“We don’t have that level of information. We worked very closely with the ACSC and on that basis we don’t know the actor in this instance,” he said.
The other ‘breach’ occurred at a healthcare facility when it was suspected the patient’s data had been accessed without their prior approval. Upon investigation, however, it was confirmed the patient was indeed receiving treatment at the time and it was not deemed a breach, according to O’Connor.
My Health Record’s shift to centralising patient data as a one-stop shop for health practitioners was at the centre of controversy after privacy and security advocates criticised the government’s need to put it all in the one place back in 2018.
Cassandra Cross, a criminology expert at the Queensland University of Technology, wrote in The Conversation at the time that health data was a particularly juicy target for malicious actors wanting to use or sell the data.
“Health information is… an attractive target for offenders. They can use this to perpetrate a wide variety of offences, including identity fraud, identity theft, blackmail and extortion.
There are promises of strong security surrounding My Health Records but, in reality, it’s a matter of when, not if, a data breach of some sort occurs.”
It will surely be reassuring any hacking attempts so far have been thwarted but as hacking techniques become more advanced threatening obsolete security protections, let’s hope it continues to be the case.
Last week marked the start of a three-month period in which Australians can opt out of the My Health Record scheme before having an automatically generated electronic health record. Some Australians have already opted out of the program, including Liberal MP Tim Wilson and former Queensland LNP premier Campbell Newman, who argue it should be an opt-in scheme. But much of the concern about My Health Records centres around privacy. So what is driving these concerns, and what might a My Health Records data breach look like?