Govt’s new e-health platform already hacked


blog That shiny new e-health platform which the Federal Government sent live this week? The one you’re supposed to put all of your most personal medical information in, for sharing only between your cadre of closed-lipped medical professionals? Yup. It was reportedly hacked during its development. The Australian reports (we recommend you click here for the full article):

“The federal government’s e-health platform was hacked while being developed but the incident went undetected for several months.”

Now, we’re not sure precisely what occurred yet or who broke into the new system, but it’s worth noting that it has been predicted before that the system would be broken into. In March this year, security organisation AusCERT baldly stated that the system would inevitably be hacked. At the time, your writer agreed. I wrote back then:

“AusCERT’s concerns are legitimate ones. Creating a huge, centralised, government-run database of electronic health records is an activity which will no doubt draw online criminals and fraudsters like flies to a honeypot. There is absolutely no doubt that the security of the Government’s e-health records project will be defeated at various points, due simply to the fact that thousands of Australians will be accessing the database from insecure computers. When the endpoint cannot be secured, neither can the centralised data.”

It will be interesting to see how the Department of Health and Ageing responds to the allegations. It’s not precisely the best way to kick off this sensitive initiative.


    • The paywall is really easy to get around. Copy the URL, go to Google, paste the URL into the search box. The first result will be the article from The Australian. You can click that link because they allow you to read articles from search results without going through the paywall (up to a certain number per day).

      I’m surprised nobody has written a Chrome extension which fakes the Referer header for these sites :-)

  1. I agree links should be readable.

    I joined but declined using the Australian passport because there’s no iPhone app. And they expect me to mess with cookie setting.

    Klunky IMHO.

  2. Not wanting anything to do with The Australian – but if it was ‘hacked’ during its development, then it isn’t really a hack, but sabotage.

  3. It’s legitimate to link to content behind paywalls…not everyone is a tight arse after all. But perhaps a [rego required] flag or similar at the end of the link might save the valuable time of people with nothing better to do than read tech journalism and whinge during business hours.

  4. This doesn’t surprise me in the slightest. Just the Australian having a go at what COULD be a very useful tool for health and the public in general, because Labor has introduced it IMO.

    ALL government databases are major targets for hackers. The fact that it was hacked during development is actually good- it means those security flaws should be patched so they’re can’t be exploited.

    We just need to be sure it has decent security now that it’s operational. I’m looking forward to signing up online when it’s available. As long as the government is being proactive on eHealth’s security…..the hackers can try and get my records all they want. Hell, if they want them that bad, they can have them…..I’m not sure what they could do….make a fake me with a teeth mould, artificial knee and shoulder (xrays) and AB- blood?

    • Ok, yeah, if they could CHANGE the details, that’s a bit worrying. But I should think that would be MUCH harder to hack than actually just reading the database as is.

      • It’s not like they did stole anything from you, it’s just a copy. It’s your fault for not making your data available in a convenient affordable form for them to view. Why don’t you provide your data for $1 a person on iTunes. It’s your fault you won’t update your business model it’s your fault. LOL ;)

Comments are closed.