Login
Health data hacks a matter of when, not if
A health insurance lawyer has warned that medical providers must take precautions in anticipation of the My Health Record opt-out deadline, as the medical sector is “vulnerable” to data cyber attacks.
Jerome Doraisamy
Barry.Nilsson partner Robert Samut said that under current data protection laws in Australia, the burden falls on medical providers to take all “appropriate measures” to protect a patient’s health data.
“With medical information, cyber criminals are able to gain access to prescription medication, receive medical care, access financial data and steal a person’s identity.”
The warning comes as the deadline to opt out of the “controversial” My Health Record was extended yesterday to 31 January 2019 by Health Minister Greg Hunt.
The largest source of reported data breaches is in the private health sector (20 per cent), according to the Office of the Australian Information Commissioner, followed by the finance sector (15 per cent), legal, accounting and management services sector (8 per cent), the private education sector (8 per cent), and the business and professional associations sector (6 per cent).
Mr Samut said the data showed that it isn’t a matter of “if the data would be hacked but when”.
“Storing records digitally with online access greatly increases the accessibility for criminals and hackers. You cannot cyber proof your systems or your network,” he argued.
“All you can do is put yourself in the best position to avoid a cyber attack or data breach and if one occurs put yourself in the best position to respond to it.”
One of the dangers of the My Health Record access tracking system, he continued, is that it did not track which individuals were accessing records, only institutions.
Personal medical records and Medicare details are valuable because they can be used to perpetrate identity fraud, he said, and they can also be used to redirect medication to alternate addresses.
It is critical, he posited, that any organisation have a coordinated incident response plan in place to respond to cyber security breaches.
“Having a plan in place is a non-negotiable. You must have one. A proper plan will dramatically limit damage, improve recovery time and help safeguard patient’s data,” he said.
“Another upfront issue is knowing what data you have and where it is stored. It’s very difficult to develop a meaningful or effective plan without knowing the answer to both these questions.”
Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly. A former lawyer, he has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. He is also the host of all five shows under The Lawyers Weekly Podcast Network, and has overseen the brand's audio medium growth from 4,000 downloads per month to over 60,000 downloads per month, making The Lawyers Weekly Show the most popular industry-specific podcast in Australia. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of Minds Count.
You can email Jerome at:
