Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
WA Health: No breaches of unencrypted COVID data means well managed and secure system - Best Business Review Site 2024

WA Health: No breaches of unencrypted COVID data means well managed and secure system

[ad_1]

perth-city.jpg

Perth city


Image: Getty Images

The Auditor-General of Western Australia has once again given state authorities a whack for security weaknesses in IT systems used in the state, with a report on its Public Health COVID Unified System (PHOCUS) tabled on Wednesday.

PHOCUS is used within WA to record and track and trace positive COVID cases in the state, and can contain personal information such as case interviews, phone calls, text messages, emails, legal documents, pathology results, exposure history, symptoms, existing medical conditions, and medication details. The cloud system can also draw information in from the SafeWA app on check-ins — which the Auditor-General previously found WA cops were able to access — as well as from flight manifests, transit cards, business employee and customer records, G2G border-crossing pass data, and CCTV footage.

The report found WA Health only used encryption in its test environment, was not able to tell if malicious activity was occurring, and lacked a contract management plan with its vendor.

“WA Health did not keep logs of user ‘view’ access to information in PHOCUS. Only ‘edits’ (changes or deletions) to information in the system were logged but WA Health did not monitor these logs for inappropriate activity,” the report said.

“WA Health will not know if personal or medical information is inappropriately accessed (viewed or edited by WA Health staff or their third party vendors).

“Following our audit enquiries, WA Health advised us they have now implemented a process to monitor edit access (data changes), but had not implemented a process to log view access (to detect snooping) due to perceived system performance issues.”

The department also encrypted personal and medical information after the audit, increased data masking to all information in its test environment, and implemented a file upload denylist and brought a malware scanner online after the Auditor-General found potentially malicious files could be uploaded to the system.

“There were no data loss prevention controls in place to prevent unauthorised sharing of personal and medical information in PHOCUS, and WA Health did not monitor documents shared with external and unauthenticated parties. Poor controls can result in unauthorised disclosure of sensitive information and reputational damage to WA Health,” the report said.

Further, the report said WA Health’s third-party vendor had full access to the information in the production environment, which WA Health said was assessed and balanced against the need to build the system quickly; two administrator accounts were left over from a previous vendor; and vendor contracts lacked “important security requirements”.

In response to the audit, WA Health said due to implementing four other COVID-related systems at the same time, the issues were appropriately managed and balanced development speed, quality, and resource demands.

“No breach of privacy has occurred in relation to the system, continuous data cleansing and quality checking is undertaken, no inaccuracies in case status impacting management were found and no inappropriate use of the system was recorded,” the department said.

“This demonstrates the robustness of PHOCUS and that the data is well managed and secure.”

Related Coverage

WA government allocates AU$25.5m to expand cybersecurity services

The Office of Digital Government’s cybersecurity unit will score additional personnel under the funding.

Auditor finds WA Police accessed SafeWA data 3 times and the app was flawed at launch

WA Health released SafeWA check-in information for purposes other than COVID-19 contact tracing, with six requests being made by the police despite government messaging that the information would only be used to support contact tracing.

WA Auditor-General drags local governments over horrendous cyber risk management

Usage of out-of-date software came in for special treatment from the Western Australia Auditor-General, with one entity vulnerable to a 15-year vulnerability.

Western Australia sets out digital to-do list in first roadmap release

The hard border state is running 22 projects across 12 government agencies to get it a step closer to achieving its whole-of-government digital strategy.

328 weaknesses found by WA Auditor-General in 50 local government systems

The computer systems of 50 Western Australian local government entities were probed and the result was the finding of 328 control weaknesses, with 33 considered as significant by the Auditor-General.

[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot situs toto toto slot toto togel situs toto link situs toto situs toto toto slot situs toto slot gacor https://thebharatschool.com/ bandar togel bandar togel bandar togel toto togel 4d