Hospital hackers could steal your identity

New research uncovers the specific data leaked through hospital breaches.

What’s at risk in hospital hackings?

According to the Australian Digital Health Agency (ADHA), the controversial My Health Record system now holds 31 million clinical documents and in excess of 1.3 billion Medicare documents.

When the system was launched, there were concerns about the security of the data, but many who chose to participate in My Health Record may not have been aware of the information that is being targeted by hackers.

According to data from the Office of the Australian Information Commissioner, private health providers have been consistently at the top of the Notifiable Data breaches quarterly reports, meaning hackers are very interested in accessing health records.

Also some Victorian hospitals went into lockdown and surgeries were cancelled after a cyber attack earlier this week.

Now new research has uncovered the specific data that can be leaked through health record breaches and what can be done with it.

Michigan State University and Johns Hopkins University are the first to uncover the specific data leaked through hospital breaches.

“The major story we heard from victims was how compromised, sensitive information caused financial or reputation loss,” said John Jiang, the lead author of the study.

According to the research, a criminal might be able to apply for a credit card using the information obtained through a breach of health records.

Until now, researchers have not been able to classify the kind or amount of public health information leaked through breaches, thereby never getting an accurate picture of breadth or consequences.

To uncover what specific information was exposed, the researchers classified data into three categories:

  • demographic, such as names, email addresses and other personal identifiers;
  • service or financial information, which included service date, billing amount, payment information;
  • medical information, such as diagnoses or treatment.

“Within medical information, we classified information related to substance abuse, HIV, sexually transmitted diseases, mental health and cancer as sensitive medical information because of their substantial implications for privacy,” Dr Jiang said.

Over 70 per cent of the breaches compromised sensitive demographic or financial data that could lead to identity theft or financial fraud.

“Without understanding what the enemy wants, we cannot win the battle,” said report co-author Ge Bai said.

“By knowing the specific information hackers are after, we can ramp up efforts to protect patient information.”

Dr Jiang said hospitals and other healthcare providers could effectively reduce data breach risks by focusing on securing information if they have limited resources. For example, implementing separate systems to store and communicate sensitive demographic and financial information.

Are you a part of the My Health Record system? Are you worried that your personal health information could be stolen or hacked?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login

    2nd Oct 2019
    11:16am
    I'm more concerned about government misuse of personal information given in good faith..... the old maxim that he who controls information controls society runs true, and governments thus far have a history of selling personal information for profit, as if it is something they own.

    Such an approach is disgusting.

    The Ministry Of Truth In Personal Privacy will ensure that nobody invades your privacy but the Ministry and will carefully filter those who are given access to your privacy. All Hail Big Brother!
    Polly Esther
    2nd Oct 2019
    12:10pm
    It's a conspiracy, everyone loses, I blame Tony Abbott. Then along came Sco mo hmmm :))
    Rosret
    2nd Oct 2019
    7:29pm
    Polly this was a Labor initiative which just happened to be introduced during the Liberal governments term in office.

    Its an incredible breach of privacy not just from serious hacking breaches - its open to 900 000 medical employees.
    Anonymous
    2nd Oct 2019
    8:38pm
    Yes, Ros - Labor and LNP are equally guilty of the hubris of desiring total control over our society and its people so as to fit them to their ways exclusively - they should both take heed of activities in Hong Kong....

    I applaud the Hong Kongese for their courage in standing up to be counted..... and demanding guarantees of basic rights.... this could lead to Downfall for the current Chinese 'government' of Neo-Mandarins...... really a group of industrial warlords working for a common end - their enrichment.

    So - when do we march on Canberra?

    2nd Oct 2019
    11:34am
    Jeez - let's split this joint, Igor -pretty dead audience...
    On the Ball
    2nd Oct 2019
    11:48am
    Amen Trebor! "Who guards the guards"
    Then The Ministry Of Truth In Personal Privacy decide that there's an epidemic! So big that they alone cant handle the data. So they contract it out.....
    OR, "Someone" in the "we're so honest" Government reckon to save money (read: give their mates a job, for example the current debacle around Dutton's plan to privatise the Australian Visa System), they should privatise The Ministry Of Truth In Personal Privacy.
    And to make money, The New Ministry Of Truth In Personal Privacy sell off YOUR data. Mainly to insurance companies and the like so they can tailor your cover (aka charge you more if you have a family history of sickness).
    And of course the newly privatised The Ministry Of Truth In Personal Privacy get taken over by a "large multi-national investment company" based in the Cayman Islands. (Healthscope? NSW Electricity?)
    Buggsie
    2nd Oct 2019
    1:46pm
    More privacy breaches have occurred through Facebook than through the My Health Record data. Should we all close our Facebook pages? Of course, then there's the issue of Zuckerberg actually selling so called depersonalised data blocks to his advertisers so that they can better target Facebook users with ads. Once recorded anywhere, we lose control of our personal data. Welcome to the digital age!
    KSS
    2nd Oct 2019
    2:35pm
    Which is why I do not have any social media accounts or a My Health Record.
    Anonymous
    2nd Oct 2019
    5:51pm
    Yeeee-ussssh - but I would consider the kind of info put out on Farcebook less important than information given in good faith to a government department....

    Choosing to throw your personal life onto Faecesbook is your own choice - you have no choices about your health information, other than to allegedly say it is not to be included in My Health Record.

    I have already indicated to you that one time when I was admitted to a hospital with chest pains, the Indian lady doctor - obviously not 'in the know' - even asked if I had once lived in a certain street when I was a child - even though that street name and even my own name have changed since....... (my own name for reasons you may not access).....

    Health records go back for your whole life............ your whole life ...... your whole life ...... 'concern' about My Health Record is a smokescreen.......... be advised...

    **ahem* yes, I have had previous connections with our top security agency and the AFP...... but no - you cannot find that anywhere - and nor can I..... I speak plainly because of an act of betrayal by my own government over this and similar issues...........
    Rosret
    2nd Oct 2019
    7:22pm
    KSS are you aware how many cookies are attached to the YLC site. - Only honest people don't know our real name and email address.
    Crimmo
    2nd Oct 2019
    6:00pm
    Technology is supposed to be so fucking good, why can't they trace the hack. that would be unAustralian in this crim loving country.
    Anonymous
    2nd Oct 2019
    8:29pm
    It's takes dedication and money - and no government is willing to take the chance on employing people of sufficient skills, since to do so is itself a security concern - who knows what people who you do not understand will do without your knowing?

    Catch - 22.

    Again - it would come down to a question of who guards the guard who guards the guard, while that guard protects you?

    Sadly - a reversion to paper files might be the only solution......
    Crimmo
    2nd Oct 2019
    6:00pm
    Technology is supposed to be so fucking good, why can't they trace the hack. that would be unAustralian in this crim loving country.
    Rosret
    2nd Oct 2019
    7:20pm
    No. Far too risky.

    Not only that the NSW government were recently running a competition to get civic minded citizens to sign up to their website. The only catch - you need to give them your medicare number - online! To whom??? - some foreign outsourced software company?

    The government, banks and educational institutions have become very laissez faire with our data.
    GrayComputing
    2nd Oct 2019
    8:09pm
    Until the governments of the world and private companies like google and Intel are forced to make secure computers and allow decent encryption for the likes of us this mess will continue
    Companies, governments and their agencies do not want secure computers with no backdoors.
    It is all too late and we all have to assume all the time our digital footprint ID and medical records etc are not secure and are open to all governments and also to the highest bidder in the private industry and or black market hackers for profits.
    Note: There are no secure computers/phones anywhere in the world !
    In cyber land you are all standing fully undressed for all those who want to look at your digital nipples, bum, pimples and wrinkles.
    There are no digital towels in cyber space to hide behind!!
    Anonymous
    2nd Oct 2019
    8:34pm
    Did you see the ABC program on ANU being hacked and how it was done?

    Astoundingly simple these days to get that first lever, and then prise open the doors.....

    N.B. What you say about real cyber security AND what I've stated above are why I have no fear of speaking out ... I'll take that risk, and the security services know full well who I am - but they may be slowly turning to my way of thinking.... finally. The real security of this nation depends not on some hardline adherence to an ideological offshoot (such as the belief that the preservation of the realm means adopting a very right-wing approach to security) ...... it depends on TRUTH... and preserving the basic rights of your people is one cornerstone of national security.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles

    You May Like