Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 20 July 2018 08:13

Centrify calls for Zero Trust in My Health Record ‘honeypot’

Cybersecurity specialist Centrify calls for security by default to protect Australia's My Health Record database

Cybersecurity specialist Centrify has called for Australia to apply the principle of Zero Trust Security to protect the confidential health details of millions of Australians in its new My Health Record database.

My Health Record is an online store of health information, which currently contains records for 5.9 million Australians, for access by doctors, hospitals and other healthcare providers. From Monday this week, people across Australia have just three months to decide if they want to opt out of the system https://www.myhealthrecord.gov.au/.

Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access, warns that storing health records online risks attracting a lot of unwanted attention by creating a data “honeypot”. Earlier this year, the Office of the Australian Information Commissioner (OAIC) reported that 24 per cent of notified data breaches during the first quarter were from the healthcare sector. Security professionals report that criminals sell health data online at a premium.

Centrify Senior Director APAC Sales Niall King said the My Health Record initiative needed security at its core, both for the online database itself and for the health professionals who access it. “Saying a website is ‘password-protected’ offers about as much reassurance as a ‘beware of the dog’ sign to a postie,” he said.

“While the My Health Record system has a lot of built-in security, such as two-factor authentication and detailed auditing of anyone who accesses your health record, people need to turn on many of these features in the system, which puts the onus on them to apply the appropriate security settings. The risk here is that convenience is put before security.

“Centrify calls for a Zero Trust Security model, which assumes that people inside the network are no more trustworthy than those outside it. In the My Health Record context, this would mean applying full security at the outset and reducing it when needed rather than making security-off the default setting.

“The challenge for My Health Record is that putting vast amounts of confidential health data into a single online database creates a huge ‘honeypot’ to attract the bad guys, so security needs to be at the heart of the entire system.”

Mr King said healthcare providers, including doctors and hospitals, also needed to rethink their security if they were accessing data stored in the My Health Record system. “Reports suggest that the system can be accessed by 12,860 health organisations and as many as 900,000 health professionals, which creates rather a lot of risk,” he said.

“Even putting aside the danger of cyber attacks, data breaches can arise from unauthorised employees accessing the system or a doctor leaving the surgery without logging off the system.

“Regardless of their size, organisations with access to My Health Record need to review how they protect these confidential health records by applying a Zero Trust Security model, which can track who accesses the system, when and where they access the system and from what device.

“While it requires both time and money to apply Zero Trust Security to your computer systems, that resource pales into insignificance compared to the huge financial and reputational costs of suffering a public data breach.”

For media assistance, call John Harris on +61 8 8431 4000 or email john@impress.com.au.

About Centrify Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user, validates their devices, and limits access and privilege. Centrify also utilises machine learning to discover risky user behaviour and apply conditional access — without impacting user experience. Centrify’s Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). More than 5000 worldwide organisations, including over half the Fortune 100, trust Centrify to proactively secure their businesses. Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

Submit a media release

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release