News of a "shocking" data breach rocked the state's health department on Friday, but tech experts believe warning signs dating as back to 2014 could have prevented the violation.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The details of every Tasmanian who called an ambulance since November last year were made publicly available through the breach, similar to examples from 2014 and 2020.
The 2014 breach happened in Victoria when a Country Fire Authority volunteer set up his own pager decoder, then in July last year confidential information from the WA Health Department was made public after an alleged pager hack by a 15-year-old.
IN OTHER NEWS:
Thinking Cyber Security Chief and Adjunct Professor at Australian National University, specialising in cryptography, Vanessa Teague said there was no real excuse to have unencrypted data about such sensitive information so obviously available.
"Encryption should be just a basic, sensible and normal thing you do when you are dealing with someone else's sensitive data."
- Associate Professor Vanessa Teague
"It should be thought as the same way as clipping up your seatbelt or locking your doors at night."
Digital security and information security engineer who has worked with medical institutions Eliza Sorenson said the breach was "absolutely foreseeable and preventable," she said.
"Pager networks are by design in plain text. For a country that adopts technology rapidly, it's alarming that something as important as first responder communications are still being done this way, but also that as a country we do not hold the information of our citizens at a higher standard of protection."
Tasmanian Health Minister Sarah Courtney announced on Saturday that the department was conducting "an internal review into the circumstances which led to the breach".
Ms Sorenson said, considering how foreseeable the breach was, "I don't believe anything solid will come out of this".
Pager and communications systems expert and radio operator, who goes only by Michaela, said while 2014 could have been warning enough for Ambulance Tasmania to change their system, it is likely red flags presented even before then.
"It's very common for people to be listening to the pager networks, and it's not uncommon for these people to be logging them. From time to time people setup websites that publish this data online," she said.
Michaela said the examples in Victoria and WA were "identical" to the Ambulance Tasmania breach.
Digital rights campaigner Asher Wolf said the breach was "egregious" considering similar breaches had happened "over and over again".
An Ambulance Tasmania document from 2015 readily available to the public details that the radio system they use is "neither private or secure", and provides a decrypting guide for pagers.
On Saturday Tasmania Police said they had been in touch with the website administrator who had "voluntarily" removed the Ambulance Tasmania information and the matter was being assessed.
What do you think? Send us a letter to the editor:
