You are using an older browser version. Please use a supported version for the best MSN experience.

Cybersecurity expert calls for replacement technology following Tasmanian ambulance patient data leak

ABC NEWS logo ABC NEWS 9/01/2021 By Erin Cooper
a screen shot of a computer: The unencrypted information came from pagers used by paramedics. (Supplied: Accenture) © Provided by ABC NEWS The unencrypted information came from pagers used by paramedics. (Supplied: Accenture)

A cybersecurity expert has called on the Tasmanian Government to replace its ambulance communication technology to prevent future breaches of confidential patient information.

It was revealed on Friday the private details of every Tasmanian who had called an ambulance since November last year had been published by a third party to a list online that was still updating each time paramedics were dispatched.

The unencrypted information came from pagers being used by paramedics.

Darren Hopkins, a partner at McGrathNicol — a national company which advises governments and businesses on cybersecurity risks — said it was very difficult to protect sensitive data on radio because it was such old technology.

"If anyone is still using older technologies that are susceptible to this type of loss, they would need to think about replacing them very quickly," he said.

Mr Hopkins said replacement technology would be needed because while pagers work well in remote areas, it was very complicated to encrypt the information being transmitted by them.

"When you find an issue with the technology you're using, you research and find an alternative and implement it as soon as you can," he said.

He said governments across the country struggled with this issue, with a similar incident happening in Victoria in 2014, but most data breaches were internet-based, not radio-based like this one was.

"They've taken what was radio data, converted it into text-readable data and published it online, and that's particularly concerning because anyone could have captured and have a copy of that information by now," he said.

Mr Hopkins said because the website was not run by a corporate entity, it was pretty much impossible to know who has accessed the information and when.

He said it was vital important information was not easily accessible.

"Just don't make it publicly available, just encrypt it … it's a fundamental concept of most security to be honest."

Tasmanians' private information 'no longer secure'

The Government has been criticised for years about its lack of investment in information and communications technology (ICT), including by industry professionals.

Shadow Minister for ICT Michelle O'Byrne slammed the Government's response so far, saying simply referring the matter to police did not address the years of inaction on data protection.

She said the Government had been warned repeatedly information stored in the Department of Health and Human Services was particularly vulnerable, with auditor-general reports in 2015 and 2018 and 2019.

"This Government has failed to address a known risk about patient information, and while they've always promised to do something, have failed to do anything," she said.

"They're very, very good at announcing they'll do things and very, very bad at actually doing them … it's a negligent act of government to have been warned and failed to act to protect people's data."

She said Tasmanians should be concerned about how safe their information was.

"If the Government is not able to keep their information safe now and can't do anything about that information that's been published now, then what safety and security and confidence can we have that our information will be secure into the future?" she said.

"The fact that you can access this data so easily is an absolute betrayal of Tasmanians' trust."

Tasmania Police Assistant Commissioner Adrian Bodnar confirmed in a statement the matter had been referred to them for assessment.

"Tasmania Police has contacted the administrator of the site who has voluntarily removed it," he said.

In a statement, Health Minister Sarah Courtney said the data breach was "extremely concerning" and Ambulance Tasmania was taking appropriate steps to address it.

"I understand it may be distressing for those affected and I can assure Tasmanians that the Government is taking all the necessary steps to protect the privacy of our patients," she said.

"An internal review into the circumstances which led to the breach is underway."

Video: 'Right step at the right time': Businesses support NSW mask mandate (Sky News Australia)


More from ABC News

image beaconimage beaconimage beacon