Let's Talk About The Cyber Resilience of my Health Record
Last week, the Turnbull Government announced the rollout of phase two of My Health Record.
The rollout means every Australian's private health information will be stored online – unless they opt out.
Previous audits have shown a number of government agencies have failed when it comes to being cyber resilient.
The Department of Health, unfortunately, has not yet been audited to check if it is cyber resilient, and neither has the Australian Digital Health Agency, although I’m heartened that the agency has got a cyber security centre.
So I'm saying to the Prime Minister: let's talk about the cyber resilience of My Health Record.
Is the Department of Health cyber resilient?
Is the Australian Digital Health Agency cyber resilient?
Do they comply with ASD's mandated Top 4 mitigation strategies?
Do they comply with the Essential Eight?
What about access to data?
What about the computers in every health professional's surgery, clinic and centre across Australia?
Last year's WannaCry attack on the National Health Service proved that the networks that aren't cyber secure down the supply chain are the biggest vulnerability to our systems.
So I ask the Prime Minister: are there cybersecurity standards that are being applied to every part of the supply chain?
For the Australian people to have faith in this system, the government must assure them that the Department of Health and the Australian Digital Health Agency are cyber resilient.