
Former Pentagon cyber chief says hackers could exploit My Health Record flaws

Yolanda Redrup, Rich List co-editor

One of the world's leading experts in cyber security policy has warned that the manipulation of health data is one of his biggest concerns for society, as debate continues to rage about the long-term viability of the government's controversial opt-out My Health Record.

Former Pentagon chief strategy officer for cyber policy and newly appointed head of cyber security strategy for data centre security company Illumio, Jonathan Reiber, told The Australian Financial Review the health data of MPs and business leaders would be of particular interest to cyber criminals.

"If I'm a malicious actor wanting to cause discontent, I would be interested in that," he said.

"If you get access to the health information of key leaders, you can understand what they like, who they are and what their problems are. [Cyber criminals] would want to look at a segment of 50 to 100 key leaders in the country, figure out data for intelligence purposes and then manipulate the data for the negative."

Earlier this month Health Minister Greg Hunt announced that the government would redraft the legislation surrounding My Health Record to restrict police access and allow records to be deleted permanently.

He had previously copped criticism for saying the digital health database had "military-grade security", despite not having two-factor authentication protocols.

Governing conduct

Mr Reiber, who was working for the Pentagon in 2009 when the US Cyber Command was created at the National Security Agency, was responsible for devising the policy to govern its conduct.

He said the government needed to act from the perspective of the worst-case scenario when it came to My Health Record and be prepared for that.

"Countries and companies have to go through the process of recognising that data can be manipulated and accept that it's not if someone breaks in, but when," he said.

"If there is going to be a high degree of data sharing, then you have to have a very secure system and you need to put a red team (penetration testers) together to try to break into the system."

Data breaches

The most recent data from the Office of the Australian Information Commissioner revealed there were 242 notifiable data breaches in the first full quarter of the new laws, with the primary cause being criminal attacks followed by human error.

The health sector suffered the most breaches in the quarter, accounting for 49 of the notifications. In three of these breaches the personal information of more than 5000 people was breached.

Across all sectors, there was one breach that affected the records of more than 1 million people.

But Mr Reiber said he believed the US and Australia were leading the world in terms of the government approach to cyber security, with the US expert pinpointing the country's $230 million cyber security strategy.

Pace of change

He said the major threat facing all nations was the pace of change, and warned that there were conditions in Asia that would permit the manipulation of affairs in major nations, similar to the widely accepted Russian interference in the most recent US election.

"Russia conducted the most impactful cyber attack in history in a society with a strong rule of law and robust checks and balances. Those same conditions don't necessarily exist in large parts of the developing world and Asia," Mr Reiber said.

"Think about the restive insurgent groups in Asian countries, be it China, Myanmar or Thailand, who can acquire technology to develop offensive actions against the state in countries that are less free. China already infiltrated the Cambodian electoral systems before the last election."

A report from FireEye earlier this year detailed the cyber attack from China on the Cambodian government, while in July it was revealed China-based hackers had also managed to infiltrate the IT systems of the Australian National University, potentially compromising key defence research projects.

"The long tail of digital allows you to do a whole range of things with relative ease that you couldn't do in the past. Social media companies are catching up and learning good practices, so I think going forward we won't see the same attack vectors, but we'll see something new," Mr Reiber said.

"We have to be most aware of cyber influence attacks where data is manipulated. Manipulate the data in a shipping system... then you slow down global shipping... manipulate the balance sheet of a corporation and you can alter the facts about its financial makeup.

"If you manipulate the data around a patient in a hospital, you can cause serious damage."

Yolanda Redrup is the co-editor of the AFR Rich List. She previously reported on technology, healthcare and Street Talk. Email Yolanda at yolanda.redrup@afr.com
