Weak data threatens health

New research has found big gaps in important digital health data.

E-health files in the United States are being used for all sorts of nefarious purposes, according to by the Washington-based Institute for Critical Infrastructure Technology's Your Life, Repackaged and Resold report.

It says hacking happens on a massive scale, and that many health organisations have failed to keep pace.

Researcher James Scott says cyber-crime used to focus on financial records, but these are now better protected.

“Adversaries made a lateral move over and picked the next easiest and most vulnerable industry, and that is the health sector,” he told ABC Radio.

“Most of these physicians don't even know that they have been breached.

“There is someone sitting on the backdoor of their network just exfiltrating data at will.

“That's how it is across the board — hospitals, insurance companies — they are breached and there could be multiple adversaries within their network.”

The experts say there is an enormous underground marketplace on encrypted sites for e-health data.

“They function just like eBay. They have their own review systems ... they have star ratings,” Mr Scott said.

“They are just as review-driven as eBay, Amazon, any of these vendor-type platforms.”

He said the stolen information is used to falsify drug prescriptions, claim false health benefit payments and even enable stalking.

The researchers say the entire health sector needs to realise its vulnerabilities.

“Unless they have layered security that not just detects and responds but predicts with artificial intelligence, they are not going to be able to detect them,” he said.