White Hat Hacking with TDL | My Health Record and ATO Refund Scams

 My Health Record

My Health Record started off with a flurry of colour and movement around the start of the 3 month ‘opt-out’ window for the federal government’s MyHealth initiative. Whether to opt out or keep your records in the system, available to other health care professionals, is an individual choice, but this whole incident is worth looking at from a few different perspectives.

The first point is that the mistrust of the system’s ability to be secure and reliable was almost immediately validated when it fell to its knees under the volume of people logging on to "opt-out" on Monday, confirming their view that the MyHealth infrastructure was not up to scratch.

The second point is the lesson that a digital initiative on its own is at risk of failure without effective communications and buy-in from the users of that system. It appears that the Australian public, as the owners of the data of this system, were not fully sold on the benefits, and that forcing it to be an "opt-out" service rather than an "opt-in" service didn’t give the public much confidence.

The takeaway? When undertaking a digital transformation exercise, effective communication and marketing of the benefits is a key part of its ultimate success. If individuals are wary of their privacy or data being at risk, then all the technology in the world won’t save it.

Tax Refund Scam

An alert on Stay Safe online has highlighted the latest phishing campaign underway: an unexpected refund from the ATO, which in itself should raise suspicion in most cases. Below is a copy of the email and the subsequent request for all the information the ATO already knows about you in any given case. As usual, organisations should be vigilant and make staff aware of seasonal campaigns such as this.

my Gov phishing scam

Security Awareness

Effective user awareness training and exercises are a key part of any organisation's security posture today. This article provides some good insights into how many training ‘initiatives’ are not much more than "box ticking" exercises, and how awareness of the motivations of those wanting to steal information, plus effective process, is a step in the right direction.
 
Contact Us today to find out how Thomas Duryea Logicalis can support you with your organisation's security concerns and security posture.

Tags Security, Phishing, Hacking, Crypto
