Cybersecurity specialist Centrify has called for Australia to apply the principle of Zero Trust Security to protect the confidential health details of millions of Australians in its new My Health Record database.
My Health Record is an online store of health information, which currently contains records for 5.9 million Australians, for access by doctors, hospitals and other healthcare providers. From Monday this week, people across Australia have just three months to decide if they want to opt out of the system (https://www.myhealthrecord.gov.au/).
Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access, warns that storing health records online risks attracting a lot of unwanted attention by creating a data “honeypot”. Earlier this year, the Office of the Australian Information Commissioner (OAIC) reported that 24 per cent of notified data breaches during the first quarter were from the healthcare sector. Security professionals report that criminals sell health data online at a premium.
Centrify Senior Director APAC Sales Niall King said the My Health Record initiative needed security at its core, both for the online database itself and for the health professionals who access it. “Saying a website is ‘password-protected’ offers about as much reassurance as a ‘beware of the dog’ sign to a postie,” he said.
“While the My Health Record system has a lot of built-in security, such as two-factor authentication and detailed auditing of anyone who accesses your health record, people need to turn on many of these features in the system, which puts the onus on them to apply the appropriate security settings. The risk here is that convenience is put before security.
“Centrify calls for a Zero Trust Security model, which assumes that people inside the network are no more trustworthy than those outside it. In the My Health Record context, this would mean applying full security at the outset and reducing it when needed rather than making security-off the default setting.
“The challenge for My Health Record is that putting vast amounts of confidential health data into a single online database creates a huge ‘honeypot’ to attract the bad guys, so security needs to be at the heart of the entire system.”
Mr King said healthcare providers, including doctors and hospitals, also needed to rethink their security if they were accessing data stored in the My Health Record system. “Reports suggest that the system can be accessed by 12,860 health organisations and as many as 900,000 health professionals, which creates rather a lot of risk,” he said.
“Even putting aside the danger of cyber attacks, data breaches can arise from unauthorised employees accessing the system or a doctor leaving the surgery without logging off the system.
“Regardless of their size, organisations with access to My Health Record need to review how they protect these confidential health records by applying a Zero Trust Security model, which can track who accesses the system, when and where they access the system and from what device.
“While it requires both time and money to apply Zero Trust Security to your computer systems, that resource pales into insignificance compared to the huge financial and reputational costs of suffering a public data breach.”
For media assistance, call John Harris on +61 8 8431 4000 or email email@example.com.
About Centrify

Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user, validates their devices, and limits access and privilege. Centrify also utilises machine learning to discover risky user behaviour and apply conditional access — without impacting user experience. Centrify’s Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). More than 5000 worldwide organisations, including over half the Fortune 100, trust Centrify to proactively secure their businesses. Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.