New warning for $2 billion My Health Record
Exclusive: Almost every Australian will have a government-owned online My Health Record created for them from Friday as cybersecurity experts warn the system is vulnerable to hackers.
Meanwhile, News Corp has been told most medical specialists can't use the $2 billion record in their clinics because their computer software is not compatible and most are not registered to use it.
Specialists can access the records when they are working in most public hospitals but not all private hospitals.
"A lot of specialists records are not computerised, they write paper records and operation notes and put them in a manila file, and their software is not compatible," said former AMA president and now independent MP Professor Kerryn Phelps.
"All of this is further evidence of why I'm calling for a 12 month delay in the roll out," she said.
An executive from the world's fifth largest cybersecurity firm Proofpoint has warned doctors and hospitals would now be subject to trick phishing emails as a backdoor way of accessing information in the record that could be used to bribe people.
He warned hackers could pose as anaesthetists or surgeons and ask nurses or GPs or administrators for information on medications or health conditions like HIV, mental illness, drug use from a person's My Health Record.
"Why hack into the system directly when you can do it indirectly," Tim Bentley, Asia-Pacific and Japan Vice President for Proofpoint said.
"The biggest concern is the weakest link. You don't even need to download the record and copy it you could just ask them to read it off the screen to you.
"Health information can be used for direct blackmail or actors can use the information to persuade you to do something else if you work for an energy provider or the banking system or hold the purse strings or have access to the accounts of a big company."
He then added that when you look at the attacks targeting the healthcare sector, one trend stands out: today's cybercriminals primarily target people, including doctors, nurses, and administrators, rather than infrastructure, to access data.
The government says the My Health Record system is protected by military grade security and when asked this week if he could "guarantee that people won't have their My Health Records wrongfully exposed" Health Minister Greg Hunt said "yes".
Since it was launched in July 2012, there has already been over 99 data breaches but the government says there has never been a security breach of the entire system.
Six years after it was launched, the My Health Record system is still far from fully operational and many of the 22 million Australians who now have a record may find it does not yet match the hype.
News Corp reported yesterday that ambulance paramedics cannot access the system, most private pathology test results and scan reports are not being uploaded on to the records yet and many doctors aren't using it.
The Australian Digital Health Agency (ADHA) has revealed that just 287 specialist clinics some of which employ a handful of doctors aren't registered to use the record. There are 30,518 medical specialists.
Australian Digital Health Agency manager Mark Kinsela says now most Australians have a My Health Record it is more likely to be used, "we are definitely on a journey here".
Even though the opt out period has ended Australians can cancel their My Health Record at any stage.