Gai Brodtmann (Canberra, Australian Labor Party, Shadow Assistant Minister for Cyber Security and Defence) Share this | Link to this | Hansard source

Last week, the Turnbull government announced the rollout of phase 2 of My Health Record. The rollout means that every Australian's private health information will be stored online unless they opt out. Previous audits have shown a number of government agencies have failed when it comes to being cyber-resilient. The Department of Health, unfortunately, has not yet been audited to check if it is cyber-resilient and neither has the Australian Digital Health Agency, although I am heartened that the agency has got a cybersecurity centre. So I'm saying to the Prime Minister: let's talk about the cyber-resilience of My Health Record. Is the Department of Health cyber-resilient? Is the Australian Digital Health Agency cyber-resilient? Do they comply with ASD's mandated Top 4 mitigation strategies? Do they comply with the Essential Eight? What about access to data? What about the computers in every health professional's surgery, clinic and centre across Australia?

Last year's WannaCry attack on the National Health Service proved that the networks that aren't cybersecure down the supply chain are the biggest vulnerability to our systems. So I ask the Prime Minister: are there cybersecurity standards that are being applied to every part of the supply chain? For the Australian people to have faith in this system, the government must assure them that the Department of Health and the Australian Digital Health Agency are cyber-resilient.