Cybersecurity expert calls for replacement technology following Tasmanian ambulance patient data leak


Cybersecurity expert calls for replacement technology following Tasmanian ambulance patient data leak

A cybersecurity expert has called on the Tasmanian Government to replace its ambulance communication technology to prevent future breaches of confidential patient information.

It was revealed on Friday the private details of every Tasmanian who had called an ambulance since November last year had been published by a third party to a list online that was still updating each time paramedics were dispatched.

The unencrypted information came from pagers being used by paramedics.

Darren Hopkins, a partner at Queensland-based company McGrathNicol, which advises governments and businesses on cybersecurity risks, said it was very difficult to protect sensitive data on radio because it was such old technology.

“If anyone is still using older technologies that are susceptible to this type of loss, they would need to think about replacing them very quickly,” he said.

Mr Hopkins said replacement technology would be needed because while pagers work well in remote areas, it was very complicated to encrypt the information being transmitted by them.

“When you find an issue with the technology you’re using, you research and find an alternative and implement it as soon as you can,” he said.

He said governments across the country struggled with this issue, with a similar incident happening in Victoria in 2014, but most data breaches were internet-based, not radio-based like this one was.

The details of every Tasmanian that had called an ambulance since November 2020 was published online.(ABC News)

“They’ve taken what was radio data, converted it into text-readable data and published it online, and that’s particularly concerning because anyone could have captured and have a copy of that information by now,” he said.

Mr Hopkins said because the website was not run by a corporate entity, it was pretty much impossible to know who has accessed the information and when.

He said it was vital important information was not easily accessible.

“Just don’t make it publicly available, just encrypt it … it’s a fundamental concept of most security to be honest.”

Tasmanians’ private information ‘no longer secure’

Tasmanian Labor MP Michelle O'Byrne
Michelle O’Byrne says the Government had been warned repeatedly about the risks of data breaches.(ABC News: Laura Beavis)

The Government has been criticised for years about its lack of investment in information and communications technology (ICT), including by industry professionals.

Shadow Minister for ICT Michelle O’Byrne slammed the Government’s response so far, saying simply referring the matter to police did not address the years of inaction on data protection.

She said the Government had been warned repeatedly information stored in the Department of Health and Human Services was particularly vulnerable, with auditor-general reports in 2015 and 2018 and 2019.

“This Government has failed to address a known risk about patient information, and while they’ve always promised to do something, have failed to do anything,” she said.

She said Tasmanians should be concerned about how safe their information was.

“If the Government is not able to keep their information safe now and can’t do anything about that information that’s been published now, then what safety and security and confidence can we have that our information will be secure into the future?” she said.

“The fact that you can access this data so easily is an absolute betrayal of Tasmanians’ trust.”

Tasmania Police Assistant Commissioner Adrian Bodnar confirmed in a statement the matter had been referred to them for assessment.

Health Minister Sarah Courtney speaks at a media conference
Tasmanian Health Minister Sarah Courtney says an internal review of the data breach is underway.(ABC News: Scott Ross)

“Tasmania Police has contacted the administrator of the site who has voluntarily removed it,” he said.

In a statement, Health Minister Sarah Courtney said the data breach was “extremely concerning” and Ambulance Tasmania was taking appropriate steps to address it.

“I understand it may be distressing for those affected and I can assure Tasmanians that the Government is taking all the necessary steps to protect the privacy of our patients,” she said.

“An internal review into the circumstances which led to the breach is underway.”


Source link