Agency says no hacker risk to health system
THE Australian Digital Health Agency has issued a ressurance that the digital My Health Record system cannot be accessed by unauthorised users.
In a story in yesterday’s Cairns Post an IT expert said the health records of all Australians would be vulnerable to hackers next year.
But a digital health agency spokesman said it was incorrect that My Health Record was openly accessible over the internet and was ‘vulnerable’ to ransomware attacks of the kind that had affected business and health services in other countries.
“These statements are not correct. My Health Record is protected from unauthorised internet access,” he said.
“There are multiple layers of security which protect the My Health Records from unauthorised access.
“Each consumer controls access to their personal records through their privacy settings. In order to gain access to a consumer’s record, a healthcare provider must be registered to participate and can only access the system through compliant clinical software or the National Provider Portal where they are individually authenticated.
“In addition, the Agency’s Digital Health Cyber Security Centre has responsibility for the ongoing security of the My Health Record system and has robust controls in place to prevent a malicious attacker from gaining access to health records ... and has a program of continuous improvement to ensure that the security controls stay up-to-date with any emerging cyber threats.”
The spokesman said the system had been operational for five years and “there have been no security breaches”.