The My Overall health Report technique was the subject matter of an tried hack in excess of the previous 11 months, the Australian Electronic Overall health Company has discovered.
National well being main information officer Ronan O’Connor informed a parliamentary inquiry into cyber resilience the cyber incident was one of two “potential knowledge breaches” to take place considering that July 2019.
The two were claimed to the Place of work of the Australian Info Commissioner as component of the notifiable knowledge breaches plan and neither resulted in any entry to the technique or knowledge loss.
O’Connor stated the very first knowledge breach notification connected to a “potential compromise to exterior IT infrastructure supporting the wider My Overall health Report system”.
“Somebody experimented with to hack our technique, so the exterior perimeter for our technique,” he stated on Tuesday.
“I want to assure the committee that there was no entry into the My Overall health Report in any way. No information or personalized sensitive information was accessed.”
O’Connor stated the ADHA’s stability monitoring tools picked up the “potential vulnerability inside the technique and as a consequence of that we notified the OAIC”.
“The OAIC has obtained what we shared with them and we also labored with the Australian Cyber Protection Centre, and on that basis they were pleased with the outcome,” he stated.
It is not recognized when the tried hack occurred. There has been heightened cyber exercise all through the coronavirus pandemic.
O’Connor stated the ADHA or ACSC was unable to determine the actor associated in the tried breach.
“We you should not have that stage of information. We labored pretty closely with the ACSC and on that basis we you should not know the actor in this occasion,” he stated.
O’Connor stated the next knowledge breach investigation connected to “a state well being care facility”, but turned out to be a wrong alarm.
“They became knowledgeable that the technique experienced probably been accessed without the health care recipients authority,” he stated.
“After an investigation was undertaken, it was verified that the particular person whose file was accessed was without a doubt obtaining health care at that facility at the time of entry, so there was no compromise.”
The reduction in breach notifications is a markable advancement on the 38 potential knowledge breaches that occurred in the 2018-19 economical calendar year.
O’Connor also mentioned the the ADHA is fully compliant with the crucial 8 mitigation techniques and has a comprehensive stability system that is overseen by a focused cyber stability centre.
“We’ve bought very a comprehensive system of technique and stability monitoring, whereby we have specialist real-time monitoring tools configured and tuned to instantly detect any anomalies in the technique by itself,” he stated.
“This auditing of exercise ranges from technique to technique exercise, so in relation to endpoints. All website traffic [that] stems to and from the My Overall health Report Program is monitored.
“And if there is any strange behaviours or exercise we have bought the prospect to notify that organisation and then in scenarios where by we we have bought specific concern we can suspend entry to the My Overall health Report technique.”
More to occur.