A doctor has warned against health systems becoming like the ‘Cone of Silence’ from ’60s spy comedy series Get Smart, as the government considers its response to the darkweb marketplace ‘Medicare Machine’ scandal.
Dr Rob Hosking, representing the Royal Australian College of General Practitioners, told a senate committee hearing today that information security at clinics was adequate, and that too much security could reduce the efficiency of systems like My Health Record.
“We are concerned that this breach will lead to the imposition of tighter security practices by the government which will reduce the day to day functionality required to run an efficient health system,” Hosking told the Senate Finance and Public Administration References Committee this morning.
“We don’t want to end up with security so great that no one can use the system, which becomes a bit like the classic sixties sitcom Get Smart's Cone of Silence. Our overall feeling is that the security systems at the general practice level are good and adequate but we must constantly be on our guard and keep up with technological advances.”
The Australian Medical Association’s (AMA) Dr Tony Bartone agreed with Hosking, saying the danger was that a “disproportionate response may be implemented” adding to the “significant red tape burden already faced” that would make access to My Health Record “potentially unusable and very cumbersome at best”.
The inquiry comes as a result of a July Guardian article in which journalist Paul Farrell said he had been able to purchase his own Medicare number from a “darknet trader” on a marketplace site concealed using Tor.
The service – since taken offline – required a purchaser to provide the name and date of birth of an individual whose Medicare details they were seeking.
A number of submissions to the inquiry – Circumstances in which Australians’ personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’ – emphasised that a Medicare number alone was not sufficient to access an individual’s medical information.
The AMA added that requiring patients present additional identification could have “inherently discriminatory effects” for Indigenous Australians, the homeless and mentally ill.
Security researchers Dr Chris Culnane, Dr Ben Rubinstein and Dr Vanessa Teague from the University of Melbourne wrote in their submission that it was important that Medicare cards and numbers not become widely accepted as proof of identity.
“A person's Medicare number isn't an inherently sensitive piece of information. The concern is whether that information could be used by a criminal to impersonate the person and hence extract sensitive information or perform other kinds of fraud,” they wrote. “Attention should focus on minimising the damage that occurs if someone learns someone else's Medicare number.”
The AMA said media reports that incorrectly linked the sale of Medicare card details to the security of the My Health Record had damaged community confidence in the system.
“Ideally this negative messaging should be countered by strong reassurance from the Australian Digital Health Agency as system operators,” the group said.
The inquiry continues.
- Digital health record custodian establishes cyber security centre
- DHS reissues 165 Medicare numbers in response to darknet scandal
- Light slowed with sound in photonic chip breakthrough
- Scientists give biometric security systems the (fake) finger
- Eight reasons why you should conduct a DNS audit
- Cyber flavoured delegation to head to San Francisco