White House hacked; Telstra CIO quits; Two Australian eHealth data breaches


By Andrew Collins
Tuesday, 04 November, 2014


White House hacked; Telstra CIO quits; Two Australian eHealth data breaches

Australians’ personal health information was potentially exposed in two separate data breaches during the 2013-2014 financial year, according to a report from the Office of the Australian Information Commissioner (OAIC).

The document - titled ‘Annual report of the Information Commissioner’s activities in relation to eHealth 2013-14’ - stated that during that time period, the OAIC received two mandatory data breach notifications relating to the Personally Controlled Electronic Health Record (PCEHR) system from the ‘System Operator’.

This PCEHR ‘System Operator’ is the Secretary of the Department of Health.

In the first data breach - which the System Operator reported to the OAIC in December 2013 - a technical change to the system meant that healthcare providers could view consumers’ personal health notes.

“Investigations by the System Operator identified the cause and a technical fix was put in place to prevent further access. The OAIC reviewed the information provided by the System Operator in relation to the breach and determined that the response was appropriate and that no further action was required,” the OAIC’s report said.

The second breach - which the System Operator reported to the OAIC in May 2014 - involved consumers logging into their MyGov account and using their identity verification code (IVC) to access their own PCEHR, and link their PCEHR to their MyGov account.

“In some instances they also accidentally set up access to another consumer’s PCEHR while still logged into their own MyGov account, linking that second consumer’s PCEHR to their own MyGov account. This resulted in the landing page of the first consumer’s PCEHR showing two ‘Open your eHealth record’ buttons, which provided links to open both consumers’ PCEHRs,” the OAIC’s report said.

The report noted that the cause of this breach was not related to MyGov.

“The System Operator advised that containment strategies had been implemented to prevent similar incidents occurring,” the report said. “The OAIC sought further information from the System Operator about its response to the breach. The OAIC’s consideration of the data breach notification and the further information provided by the System Operator was ongoing at 30 June 2014.”

Telstra CIO resigns

Telstra CIO Patrick Eltridge has resigned, after four years in the role, for a job overseas, and will leave the telco before the end of November.

“Patrick has recently informed us that he will be leaving to explore international opportunities,” a spokeswoman for Telstra told ITNews.

Eltridge confirmed to CIO that he had taken a role overseas, but declined to provide specifics.

His last day will reportedly be 28 November. The company said it has begun a “global search” for his replacement.

Eltridge began as CIO at Telstra in November 2010, after John McInerny exited the position in June earlier that year.

Prior to Telstra, Eltridge worked at Standard Chartered Bank in Singapore. He also worked in CIO roles at Westpac and Seek, each for four years.

White House hacked

Hackers have successfully breached unclassified computer networks at the White House in an attack that was reportedly discovered in October.

White House officials, speaking on the condition of anonymity, told the Washington Post that the hackers did not damage any of the systems and that there was no evidence that the classified network was hacked.

“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” the Post quoted one White House official as saying. “We took immediate measures to evaluate and mitigate the activity.”

“Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” the White House official reportedly said.

The FBI, Secret Service and NSA were said to be investigating the breach.

According to the Post’s sources, the breach was discovered around early to mid October. Some staff were reportedly asked to change their passwords, and intranet or VPN access was shut off for some time.

The BBC reported that, in the course of addressing the breach, some White House users were temporarily disconnected from the network.

“Our computers and systems have not been damaged, though some elements of the unclassified network have been affected. The temporary outages and loss of connectivity for our users is solely the result of measures we have taken to defend our networks,” the BBC quoted a White House official as saying.

Image courtesy White House

Related Articles

Is the Australian tech skills gap a myth?

As Australia navigates this shift towards a skills-based economy, addressing the learning gap...

How 'pre-mortem' analysis can support successful IT deployments

As IT projects become more complex, the adoption of pre-mortem analysis should be a standard...

The key to navigating the data privacy dilemma

Feeding personal and sensitive consumer data into AI models presents a privacy challenge.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd