My Health Record could be our worst government data breach yet

The Turnbull government has demonstrated its willingness to use private information against critics, and we know how poor third party contractors can be at securing data.

Photo credit: Alanna Autler

A recent spate of significant data breaches continues to demonstrate the huge problems of the relentless accumulation of information on all of us both by corporations and governments. Just in recent weeks, we’ve had:

the Commonwealth Bank’s major data breach, which we only learnt about from Buzzfeed;
the continuing fall-out from the PageUp data breach, affecting thousands of Australians and dozens of major commercial and government users;
a Ticketmaster data breach that may have affected Australian customers;
a breach at controversial health booking service HealthEngine;
a hack of Family Planning NSW;
a breach at Aviation ID Australia affecting Aviation Security Identity Cards, used to access restricted areas of airports.

At least we’re now being notified more consistently about breaches, after the government finally stopped dragging its feet and a data breach notification scheme commenced.

Earlier this week, IT News reported that the four major political parties would be given $75,000 each to strengthen the security of their voter information systems. Online rights watchdog Digital Rights Watch welcomed the move, given what is known about the poor state of cybersecurity in the systems of political parties; at least one major party is known to use a system that sends user names and passwords in clear text.

The potential for a large-scale data breach of the most serious kind will increase in coming months as the so-called “My Health Record” e-health system is rolled out. From Monday, citizens will be able to opt-out of having an electronic health record created by the government for them. Those that don’t, face the risk that their health records could be accessed via a data breach, particularly of any third party service providers involved — it is a recurring pattern of data breaches involving governments that often government agencies themselves are not breached, but they have outsourced a service to a private contractor (like PageUp) to save money and it is the latter who are breached. In the case of My Health records, there is also a risk that health professionals other than your own might also access it.

This is all prior to the grimmer scenarios around what a government agency or minister could do with your health information. These are of course no hypothetical visions of an Australian dystopia: we know that Alan Tudge and his bureaucrats used a critic’s private information to publicly attack her, and did so with the subsequent approval of the so-called Privacy Commissioner. Health information is even more sensitive than the sort of information collected by welfare authorities, but there is literally nothing to stop the government from using that information against someone who has embarrassed it. The government that leaked information about Andi Fox, that is prosecuting Witness K and Bernard Collaery, that sent AFP officers into Parliament House to pursue emails between Labor staff and journalists, that set up two royal commissions to pursue its political opponents, and that is currently criminalising even the mere reading of leaked information online, cannot be trusted with any kind of personal data. Its security is too poor, and it has demonstrated it will use private information for political purposes against citizens.

The best security is to prevent it from accumulating information on you in the first place. Then there’s none to steal or to misuse. Opting out of My Health Record is the only sensible option.

About the Author

Bernard Keane

Politics editor @BernardKeane

Bernard Keane is Crikey's political editor. Before that he was Crikey's Canberra press gallery correspondent, covering politics, national security and economics.

32 comments

32 Comments

oldest

newest most voted

Inline Feedbacks

View all comments

Hunt, Ian

2 years ago

The best security is to make sure this government is tossed out at the next election. Then the new Labor government should be urged, and forced if necessary, to set up a task force to solve these problems and prevent any future government from using breaches of privacy for political gain. An agreement between the states and commonwealth should be able to lock it in, as it did with the GST.

paddy

Seriously insane. I just followed that “opt-out” link and from there to another page
entitled Cancel my record.
https://www.myhealthrecord.gov.au/for-you-your-family/howtos/cancel-my-record
I’ve seen some mad stuff with Govt Depts before, but for sheer Kafkaesque nonsense,
how about this one:
“Once your record is cancelled, it will be retained for a period of 30 years after your death or, if the date of death is unknown, for a period of 130 years after the date of your birth.
Your My Health Record may be accessed by us for the purposes of maintenance, audit and other purposes required or authorised by law.”

Words fail me 🙁

zut alors

Reply to paddy

Paddy, for a moment there I thought you were quoting a First Dog cartoon. But nobody, even the super-talented Dog, could make this up.

susan ireland

My reading of this, is that health providers will still enter records into the system, the government will still be able to do what they like with it, and the only consequence is that other health care providers won’t be able to see what is there. I won’t be able to see what is there but it will be there anyway.
That isn’t opting out unless I am reading this incorrectly.

OliverB

I really don’t much care in the unlikely event that someone learns I get migraines. I _do_ care that paranoia about health record storage will prevent me getting proper emergency care, and will prevent researchers seeing patterns that might help me prevent the migraines.

Desmond Graham

Reply to OliverB

Your comment does not contribute to the issues – changing governments won’t make an iota of a difference same system will still exist and it was a labor government that commenced the eHealth big brother system – it is independent of type of government

Reply to Desmond Graham

oops the comment was in response to Ian Hunts comment

if you have headaches – and you are an adult one would think you know the pattern that gives you a headache – government record of your headache isn’t going to help you . Perhaps a good doctor who has access too the latest medicines would be the way to go, same as for any illness.

Robert

You are, of course, right. The benefits of an accurate diagnosis in an emergency, not the mention not having to fill in pages of medical history every time I engage with the health system more than outweigh the risk that someone will do something nefarious with my health records, whatever that might be. I don’t leave my car in the garage simply because I might have an accident.

klewso

Who will protect us from the protectors?

Bernard – about time Crikey addressed the issue – but left it too late – opt out only lasts from 16 July to October so its a once in a lifetime restricted opportunity – also the process has been so designed that the opt out process is so difficult that most people will give up half way through and those without computers are restricted.

My Health Record could be our worst government data breach yet

Thanks for signing up

About the Author

Topics

Leave a comment

Share this article with a friend

Your details

Your friend's details

Sign in

Want some assistance?

My Health Record could be our worst government data breach yet

Thanks for signing up

Share

About the Author

Topics

Leave a comment

Share this article with a friend

Your details

Your friend's details