The Australian Computer Emergency Response Team (AusCERT) has warned Australians not to opt in to the Federal Government’s Personally Controlled Electronic Health Record (PCEHR) system due to concerns about insufficient security protections for users’ personal information.
According to AusCERT general manager Graham Ingram, the focus of the Department of Health and Ageing (DoHA) on securing the back-end IT systems supporting the PCEHR has been at the expense of ensuring the security of users at the point of access. As such, Australians using the PCEHR face the risk of identity theft.
“There is a massive amount of online crime which is all about compromising the end-point computers of your PC, laptop or smart device,” Ingram told Computerworld Australia. “The Department of Health and Ageing is putting those sensitive transactions or data over an insecure protocol.
“Any online transaction over the internet using a standard computer that has been compromised raises the risk of the data being stolen.”
AusCERT highlighted numerous issues with the system in a submission to the Senate committee investigating the PCEHR Bill 2011 last week, with the main point of contention being its delivery via the internet.
“In this submission, the focus is exclusively on the use of untrusted end-point computers and mobile devices and how, when compromised, they will enable attackers’ full control over the PCEHR to view or modify its contents with the same privileges as the owner or particular authorised user,” the submission reads.
According to Ingram, the DoHA has continually promoted the benefits of the PCEHR over the internet on the grounds that it will be secure. “Nothing over the internet can be secured… [The government] can tell us until the cows come home that its back-end systems are secure but that’s not the issue,” he said.
“Say there are a million machines out there with what we call data stealing Trojans, which compromise information such as bank details, it wouldn’t matter if someone stole those records from the Department of Health and Ageing’s back-end databases or the end user’s system, the result is still the same.”
A spokesperson for the DoHA told Computerworld Australia that the National E-Health Transition Authority (NEHTA) — the body charged with the rollout of the PCEHR — would continue to assess the changing security environment. “The PCEHR will be accessed through a secure encrypted session which will safeguard the private information from being intercepted,” the spokesperson said.
“As the AusCERT submission points out, there are also risks in terms of compromised PCs with malicious software and spyware.
“There will be an ongoing education process for users to understand these risks and to be able to mitigate them, increasing the safety of their records. Consumer education and risk management is being dealt with through various agencies.”
According to the spokesperson, government agencies including the Australian Communications and Media Authority (ACMA) and the Attorney-General’s Department will issue instructions for users on how to protect themselves from security threats.
“The PCEHR will also provide transaction logging capabilities, so that inappropriate access can be detected, as well as analysed and reported,” the spokesperson said.
Ingram also noted that while e-health systems are similar to online banking in that neither is secure, the risk is not equal: banks reimburse customers for any loss incurred, whereas many victims of identity theft suffer the ramifications for years to come.
“You have to look at it in terms of the value of the transaction. If your electronic health records are lost to an online criminal gang, will the government pay you the value of that loss? And of course there’s no transaction.
“You can’t compensate someone for the loss of their personal information, this is the distinction. Comparing health records with banking transactions are not fair comparisons, it is apples and oranges.
“Once your identity has been stolen it can never be returned, it’s theirs to use for perpetuity and a lot of people don’t realise that… If you talk to people who have been the target of identity theft they will tell you what a miserable life they lead.”
Ingram said the ability to access personal e-health records at any time from anywhere was unnecessary and did not have enough advantages to make it worth the risk.
“Personally, I would rather be able to walk into the Medicare office and sit down at a set up secure machine and look at it there, that way it’s a government machine and so while it may not be over the internet I would prefer to do it that way.”
“I think the government needs to be honest and admit that health records over the internet are not secure and cannot be secured,” he said. “That will help users identify whether or not they want to take the risk.”
Follow Chloe Herrick on Twitter: @chloe_CW