This is exactly why I refused a "My Health Record". Why would I let these incompetent fools create a centralized database of my entire medical history? It's only a matter of time before it's hacked or sold off by conservative or neoliberal vultures.

[–] Aurenkin@sh.itjust.works 5 points 1 month ago (1 children)

Fucks sake

[–] autotldr@lemmings.world 3 points 1 month ago

This is the best summary I could come up with:

MediSecure, which facilitates electronic prescriptions and dispensing, confirmed it was the victim of a large-scale data breach in May.

The company had previously not disclosed how many Australians were affected but confirmed the data was taken from its systems up until November last year.

MediSecure went into voluntary administration in June after the federal government declined to provide it with a financial bailout.

A sample of the data has since been published on the darkweb, but the ABC understands there is no indication the larger trove has been publicly released.

In a statement released late Thursday afternoon, MediSecure gave details about the kinds of data stolen including full names, phone numbers, dates of birth, home addresses, Medicare numbers, and Medicare card expiry dates.

Australians are being told to watch out for scams referencing the MediSecure data breach, and not to respond to unsolicited contact that mentions the incident.

The original article contains 369 words, the summary contains 148 words. Saved 60%. I'm a bot and I'm open source!

[–] dumblederp@aussie.zone 2 points 1 month ago (1 children)

I'm surprised they had data on that many people.

[–] DeltaTangoLima@reddrefuge.com 7 points 1 month ago

Until November last year, MediSecure was one of only two companies awarded government contracts to supply electronic prescriptions. I'm honestly surprised the number isn't bigger.

Time and time again we're seeing companies that are allegedly being held to a high bar (in terms of regulatory oversight) failing to meet even minimum standards of service to protect the Australians that are forced to trust them with our data, and sometimes our lives.

Optus, MediBank, Latitude, MediSecure - the list goes on. Until we start jailing directors and CEOs for letting this shit happen, things aren't going to change.

ASIC is bloated and slow, with the most recent inquiry suggesting it needs to be split into two smaller, more agile organisations. Yet the federal government is all but ignoring the report's findings.
The ACCC has had its teeth practically filed down to nubs. It remains to be seen if they get bullied into giving Chemist Warehouse/Sigma a green light or not, but I have a horrible feeling a modified deal will somehow pass, and competition will be harmed in the process.
ACMA doesn't have anywhere near enough powers to hold our telcos to a higher standard of security and resiliency. We had a major chunk of the population that couldn't dial triple 0 for fuck's sake. How is a director or CEO not facing charges for that?

We talk a big game in Australia about having legislation that supposedly protects ordinary Aussies from being fucked by big companies, but we fall short of taking meaningful action when it actually happens. If we jail just one of the cowboys at the helm, the others will very quickly fall into line, or fuck off and make room for someone who will.

[–] Tregetour@lemdro.id 2 points 1 month ago* (last edited 1 month ago)

These breach incidents all serve to highlight the lack of a solution for patients that want to retain ownership (ie. exclusive control) over their data. Currently the only effective way to do that is a non-solution - by not interacting with the service at all.

Imagine there was one copy of your health information, and it was encrypted, and it lived on a server/flash drive/device under your control. In order to receive treatment, the provider has to access that source and request your permission or authenticate in some capacity. That would be an enduring, user-respecting solution that showed people that each loss of data was more than merely a publicity nightmare for the abetting company. Managing personal healthcare like this isn't for everyone, but it should be an option for patients with the means and inclination.

The fact that service providers neither want to co-operate with something like this, nor are required to by law, is a problem. There's currently no individual agency permitted whatsoever in this domain and I've been fed up with it for a long time.