According to the Australian Digital Health Agency (ADHA), the controversial My Health Record system now holds 31 million clinical documents and in excess of 1.3 billion Medicare documents.
When the system was launched, there were concerns about the security of the data, but many who chose to participate in My Health Record may not have been aware of the information that is being targeted by hackers.
According to data from the Office of the Australian Information Commissioner, private health providers have been consistently at the top of the Notifiable Data breaches quarterly reports, meaning hackers are very interested in accessing health records.
Also some Victorian hospitals went into lockdown and surgeries were cancelled after a cyber attack earlier this week.
Now new research has uncovered the specific data that can be leaked through health record breaches and what can be done with it.
Michigan State University and Johns Hopkins University are the first to uncover the specific data leaked through hospital breaches.
“The major story we heard from victims was how compromised, sensitive information caused financial or reputation loss,” said John Jiang, the lead author of the study.
According to the research, a criminal might be able to apply for a credit card using the information obtained through a breach of health records.
Until now, researchers have not been able to classify the kind or amount of public health information leaked through breaches, thereby never getting an accurate picture of breadth or consequences.
To uncover what specific information was exposed, the researchers classified data into three categories:
- demographic, such as names, email addresses and other personal identifiers;
- service or financial information, which included service date, billing amount, payment information;
- medical information, such as diagnoses or treatment.
“Within medical information, we classified information related to substance abuse, HIV, sexually transmitted diseases, mental health and cancer as sensitive medical information because of their substantial implications for privacy,” Dr Jiang said.
Over 70 per cent of the breaches compromised sensitive demographic or financial data that could lead to identity theft or financial fraud.
“Without understanding what the enemy wants, we cannot win the battle,” said report co-author Ge Bai said.
“By knowing the specific information hackers are after, we can ramp up efforts to protect patient information.”
Dr Jiang said hospitals and other healthcare providers could effectively reduce data breach risks by focusing on securing information if they have limited resources. For example, implementing separate systems to store and communicate sensitive demographic and financial information.
Are you a part of the My Health Record system? Are you worried that your personal health information could be stolen or hacked?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.