The My Health Record story no politician should miss

Australia's digital health boosters may understand the potential medical benefits, but few seem to understand the potential risks. So let's think about that Singapore health data breach.
Written by Stilgherrian , Contributor

The specific and repeated targeting of Singapore Prime Minister Lee Hsien Loong's personal information and pharmaceutical records should cause every supporter of Australia's now-controversial My Health Record to stop and think.

Lee is only 66 years old, and his response to the data breach implies that he thinks he is in good health. But imagine the political mayhem that could be caused if something negative had been revealed.

It should be obvious to even the least educated politician that prescriptions for certain drugs can reveal medical conditions they'd rather their opposition didn't know about.

Early signs of Alzheimer's disease or other forms of dementia would mean the end of a political career, perhaps rightly so. But with all the taboos still surrounding mental health, signs of less dramatic conditions could be used as political leverage. A prescription for an anti-psychotic medication, say, or even just a series of appointments with a psychiatrist known to specialise in these disorders.

The timing of medical treatment can also reveal politically problematic patterns of activity. Prescriptions for erectile dysfunction pills would be perfectly reasonable for a male in his 60s or beyond, although they'd doubtless trigger embarrassing comments about flaccid policies. But what if the politician was married, the prescriptions were always in the weeks before overseas missions, and after the last such trip there was a series of weekly visits to a sexual health clinic? Infidelity can kill a career.

Women come under even more scrutiny. Totally unfair, of course, but it's still a fact of political life. A single woman having an abortion would be a political problem, doubly so if she'd previously proclaimed her pro-life credentials.

Politics is an ugly game. The question I ask every Australian politician is this: If you're so confident that the risks of a medical records data breach is so small, would you be happy to give me a copy? Promise I won't tell anyone.

Moving beyond politics, how might data on 1.5 million citizens of Singapore -- or any other nation -- be useful?

It's not only politicians who might have their medical records used against them. How about senior military figures or public servants? Corporate executives? How about relatively low-ranking people who might have access to interesting information? Russia, for example, is very good at this.

"Kremlin leaders often want to gain political influence outside of Russia. They'll cast a wide net and wait patiently until the time is right to exploit someone," William Browder, CEO of Hermitage Capital Management, told NPR.

"The two primary ways in which they recruit people is either through bribery or blackmail ... They find ways of threatening people through compromising information," he said.

If you scoop up 1.5 million records, you're bound to find a few marks. And while My Health Record boosters point to the criminal penalties for misusing medical data, I doubt that foreign intelligence services are particularly bothered.

One of the most ludicrous arguments against opting out of My Health Record is that we already do banking and ecommerce on line, so why not health as well? Simple. If your credit card number is stolen, the bank will give you a new credit card, and give you your money back. Once health data is stolen, it's stolen for good.

Stolen health records are some of the most valuable data on the black market, even if they don't contain any clinical information.

"Medical information can be worth ten times more than credit card numbers on the deep web," Jean-Frederic Karcher, head of security at communications provider Maintel, told The Independent last year. "Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers."

In the Singapore data breach, the stolen records included patients' name, national identification number, address, gender, race, and date of birth. That's an identity theft starter kit right there.

Equally ludicrous is the argument that your medical data already exists and is stored in various organisations, so where's the problem with it being out into My Health Record? Again, the counter-argument is simple.

Gathering everyone's data into a central repository creates a much more attractive target. Providing access to 900,000 health industry workers creates a massively expanded attack surface. The odds of your own medical records being breached skyrockets. Medicos asserting that they follow a code of ethics count for nought in a group of people that big, because there will always be some suffering financial stress, or blackmail, and be willing to take their chances.

Politicians need to understand that that risk involves both the odds of something happening and the severity of potential damage. Even a small chance of a data breach is unacceptable if the potential damage is high.

Finally, the claim that patients are in control is rubbish. To be in control of something you have to know it exists, that the controls exist, and that you understand how to use the controls. Out of those who already have a My Health Record, fewer than 0.1 percent used the privacy controls. You'd have to be a fool to think they're the only ones concerned about their privacy.

None of this means that the Australian Digital Health Agency (ADHA) hasn't secured the systems to the best of its ability. What it does mean is that politicians and medical industry spokespeople who gloss over the risks simply don't know what they're talking about.

Related Coverage

Editorial standards