The government website myGov, which is used to track the doctor visits, prescriptions and welfare payments of 2.5 million Australians, is incredibly vulnerable to hacking, according to IT experts.
The site, which by the middle of the year will also be used to lodge electronic tax returns, uses only a user name, password and one security question. That is less than Google and Twitter require, which concerns IT security expert Troy Hunt. “I’m surprised and concerned that the security controls protecting my medical [and tax] records are less than those protecting my recipes stored in Evernote,” Mr Hunt said.
If a user has linked all of their accounts, hackers could easily gain access to that user’s name, date of birth, phone numbers, email address, Medicare number, child immunisation records, dates of doctor visits and drugs prescribed, and welfare and childcare reimbursement payments. And when the lodgement of electronic tax returns is made mandatory by mid-year, bank account details and financial records may also be at risk. Mr Hunt called on the Government to introduce two-factor authentication, which uses a token or code sent to a mobile phone, to better protect individuals’ information. “I think given the class of information they’re protecting I’d call it irresponsible simply because I expect two-factor authentication for information that is much less valuable,” said Mr Hunt.
While the move to myGov is supported in principle by Taxpayers Australia, its spokesman Mark Chapman said further reassurances that taxpayers’ information was safe were required. “We need reassurance from the myGov [software] developers that taxpayers’ information will be fully secure and in particular we are very concerned about the user name facility, which seems to make it too easy for third parties to find out your myGov identity by stealing the written record of your user name, which all taxpayers will need to keep,” he said.
Read the full story at TheAge.com.au
The move to force people to transact online is gathering momentum, but are we in danger of becoming too blasé about the dangers of transmitting our information virtually?
I don’t think twice about doing banking tasks online on my smartphone, nor do I give much thought to purchasing goods online, but is this because I’m tech savvy or simply naïve in believing my details are secure?
Almost every week a news story breaks about a data breach at one of the world’s organisations. Just last week, US communications company Verizon released its 2014 Data Breach Investigations Report (DBIR), which found that across the 50 global companies contributing, there were 1367 confirmed data breaches and 63,437 security incidents. Of these incidents, 94 per cent fall into nine basic attack patterns; web application attacks dominate the financial services sector and point-of-sale attacks plague retail.
Even if you don’t shop or bank online, the need to be virtually connected is growing. Try carrying out a transaction over the phone or at a Centrelink office and you’ll wait upwards of 30 minutes on hold or in a queue, but you can have instant access online. Medicare no longer holds cash at its offices, forcing people to provide their bank details to make a claim. And how long will it be before every Australian is required to have an electronic patient record to visit a doctor or have a prescription dispensed?
So while I’m all for the ease of being online, organisations, and especially governments, need to take security and the safety of data a lot more seriously.
Do you use the myGov portal? If so, do you have concerns about its safety and security? Or if you’re a self-professed digital dinosaur, are you finding it more difficult to transact offline?