Flinders University Professor of Digital Health Systems Trish Williams warns the recent data breaches within the healthcare industry are part of a “bigger silent issue of healthcare data manipulation and corruption that may go unnoticed”.
This is something that pharmacists need to take notice of with the increasing use of technology within pharmacies.
Professor Williams says there is currently no way to guarantee the privacy of information when information systems are becoming increasingly complex and sensitive private health and healthcare information is being stored and shared around the world.
“It is unfortunate that too often data breaches in healthcare are not detected immediately or the extent of the breach not easily identified,” Professor Williams said.
“It is unfortunate that too often data breaches in healthcare are not detected immediately or the extent of the breach not easily identified.
“The incidents occurring in Australia recently demonstrate that no security, however good, is 100% secure,” she said.
Professor Williams says that while companies and organisations aim to secure their systems optimally, “you would be hard-pressed to find any cybersecurity expert who would agree” that they’re 100% secure.
She says the problems with security stem from “the increasing complexity of our information systems and our desire for them to be interoperable and integrated, to share our valuable data, so we do not need to re-enter it time and time again”.
“Data re-entry is another problem with human error a persistent problem,” Professor Williams said.
“The purpose of illegally extracting data is entirely financial – either holding data for ransom or on-selling it for others to perform identity theft.
“The current high profile raft of incidents (including Optus’ customer base) focuses on the access to and extraction of sensitive and personally identifiable information, however, there is a bigger silent issue of healthcare data manipulation and corruption that may go unnoticed for months or years,” she said.
Another issue, says Professor Williams, is that healthcare systems often don’t have advanced processes to detect fraudulent activity like the bigger financial institutions do.
“The impact of this is difficult, if not impossible, to gauge because it only comes to light when a person’s data is used for a healthcare episode (if the change is evident),” Professor Williams said.
“The potential for adverse events to occur is there but to date unidentified because there is no money in such an activity for the attackers.”
Flinders University Digital Protection and Health Law Lecturer Dr James Scheibner says an incredible amount of personal health information is stored in public sector and private company data files, which is always at risk of a leak.
“We need to take a long hard look at how this data is stored and shared and create more protection for the transfer and sharing of this information,” he said.