Cyber Security and privacy issues surrounding My Health Record
With the rapid increase in the usage of digital information, there has been a growing trend in recent times to store data in such a way that it can be accessed by relevant stakeholders on demand at any time.
Currently there is a growing debate about the My Health Record system in Australia, under which patient health records are to be stored in the cloud, providing easy access to patients and healthcare professionals. Though the health record system has been around for several years as opt-in, on 15 October 2018 it will switch to an opt-out system. This means every Australian will have an electronic health record unless she or he decides to opt out.
There are several instances where timely access to patient health records can be critical. In emergency situations, rapid access to health records is particularly important. Access to patient records can also be significant when it comes to elderly patients or patients who may find it difficult to remember the various medications they may have taken to manage their health conditions. This is also the case for complicated health cases where patients may be taking drugs or having treatment for several health conditions, and especially when there can be dependencies between the various medications.
Whenever sensitive data is stored digitally, such as in a cloud, security and privacy issues become particularly important. This is undeniably the case with health records, which can contain sensitive and private information about patients. A key issue when it comes to security and privacy is the motivation for attackers to attack systems. In the case of health records, leakage of sensitive health information can have significant impact. This is especially so if the person whose health data is leaked happens to be in the public eye, such as a politician, a CEO or an actor. In fact, it can affect anyone, though in some cases the harmful effect can be more severe than in others: a job application may be unsuccessful due to leakage of healthcare information. Just last week in Singapore, health care records were breached and hackers stole data on 1.5 million patients; in particular, they accessed the health data of Prime Minister Lee Hsien Loong, who was specifically and repeatedly targeted.
From a security point of view, there is always the potential for security attacks to happen in the future that may lead to data breaches. This is in general true of any security system, as there is no absolute security. It is always a race between attackers and defenders/designers. The greater the incentive for an attacker to attack the system, the greater the probability that a breach can happen. In the case of health records, in addition to the data being sensitive, the information can also be used to contribute to identity theft. Knowing more about an individual improves an adversary's ability to impersonate that person and steal his or her identity; the more accessible this information becomes, the greater the incentive to steal it.
It is almost inevitable that more services and applications will start using health care information. In fact, the utility of such a system is greatly enhanced if more services use it. For instance, there will be a need for legitimate health analysis applications to use such health data to provide improved services. This leads to another potential threat: what mechanisms are there to ensure control of data access and sharing by other services/applications (from government organisations and/or third parties)?
When new services/applications are introduced, there will be pressure to share data with them. This is common in the lifecycle of any large software system. To ensure security, processes must be developed so that data sharing is restricted. The patient must be given ultimate control as to what data is to be shared with what services/applications. Furthermore, there must be compliance procedures ensuring these regulations are enforced. There must be stringent controls on how other applications/services can use health data now and in the future, as more and more services are added to the platform. Already, there have been media reports indicating access to health data by other services/applications.
Another major issue related to data privacy arises from health records being stored in plaintext (unencrypted) form. Because the data is in plaintext, it can be read directly when a breach occurs. With the growth in malware and security attacks, we cannot rule out the possibility of a breach. With the Mandatory Data Breach regulation now in force in Australia, the agency storing the data will be obliged to notify users of any breach. But given the personal nature of such information, once a data breach happens, the harm done may be difficult to reverse.
This brings us to another technical point. There are technologies available that can help to protect data via encryption and still allow user/patient requirements to be enforced on the encrypted data. In fact, researchers at the Australian Cyber Security Engineering Research Centre have developed new security technology (see related references below) whereby it is possible to store the health records in encrypted form and still have user/patient policies enforced on the encrypted data so that only authorized persons (e.g. legitimate healthcare professionals) are able to decrypt and view sensitive health data.
If health data is stored in a cloud in plaintext, then the cloud administrators have access to the data; in practice, there can be many such administrators at the cloud provider. However, if only encrypted health data is stored in the cloud, the administrators will not have access (unless the patient authorises it). The system is completely patient centric. This strengthens the case for storing health data in encrypted form: it not only reduces the exposure from a data breach, but also reduces the trust that must be placed in the cloud provider.
From a usage point of view, a major issue is the education of users in terms of privacy controls and their ability and competency in setting preferences. It is better practice to have strong privacy settings by default and let the user choose, if she or he so wishes, to relax these settings rather than the other way around. This approach should be adopted with the My Health Record system. The system provider is more aware of the attack surface and hence has the obligation to minimize it by setting a strong default configuration. It appears that much work remains to be done to increase user awareness and education on privacy issues surrounding the My Health Record system.
References related to our work
L. Zhou, V. Varadharajan, and M. Hitchens, "Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage," IEEE Transactions on Information Forensics and Security, Vol. 8, No. 12, pp. 1947–1960, Dec. 2013.
L. Zhou, V. Varadharajan, and K. Gopinath, "A Secure Role-Based Cloud Storage System for Encrypted Patient-Centric Health Records," The Computer Journal, Vol. 59, No. 11, pp. 1593–1611, Nov. 2016.
This work on enforcing security policies on encrypted data stored in the cloud was awarded the 2012 Computer Journal Wilkes Award and the 2013 EUREKA Prize Runner-up Award for Outstanding Science in Safeguarding Australia.
- Prof Vijay Varadharajan
- Phone: (02) 4921 8687
- Email: Vijay.Varadharajan@newcastle.edu.au