1
00:00:00,080 --> 00:00:01,760
Speaker 1: So what is it with the health apps? A medimap

2
00:00:01,840 --> 00:00:04,040
Speaker 1: is used by up to sixty percent of care facilities.

3
00:00:04,080 --> 00:00:06,880
Speaker 1: Taken off line, patients records were altered comes just weeks

4
00:00:06,880 --> 00:00:09,319
Speaker 1: out to manage my health. Of course. Jeffrey Sayer is

5
00:00:09,400 --> 00:00:10,840
Speaker 1: medimaps director and is with us.

6
00:00:10,840 --> 00:00:12,119
Speaker 2: Good morning, Good morning, Mike.

7
00:00:12,360 --> 00:00:13,520
Speaker 1: Is this your worst nightmare?

8
00:00:15,760 --> 00:00:18,960
Speaker 2: Possibly? Possibly? I think the key part is how we

9
00:00:19,000 --> 00:00:21,959
Speaker 2: respond to it, and I think we're responding quite well

10
00:00:22,000 --> 00:00:22,280
Speaker 2: to that.

11
00:00:22,680 --> 00:00:24,680
Speaker 1: What's the state of play as you speak to us

12
00:00:24,720 --> 00:00:25,200
Speaker 1: this morning?

13
00:00:26,160 --> 00:00:28,960
Speaker 2: Okay, So where we're at. Just to give an update,

14
00:00:29,320 --> 00:00:32,000
Speaker 2: we discovered an incident on Sunday about one thirty pm.

15
00:00:32,760 --> 00:00:36,640
Speaker 2: We shut the system down for precaution and for containment,

16
00:00:37,280 --> 00:00:41,800
Speaker 2: and then we've involved independent experts to suppose a system

17
00:00:41,920 --> 00:00:45,559
Speaker 2: analysis of what the impact and the impact across the

18
00:00:45,640 --> 00:00:49,240
Speaker 2: different facilities and the impact across individual patients.

19
00:00:50,520 --> 00:00:51,320
Speaker 1: Do you know who it is?

20
00:00:52,960 --> 00:00:55,920
Speaker 2: No, these sorts of people don't necessarily say to you

21
00:00:56,040 --> 00:00:59,160
Speaker 2: they are. We've had no reason to believe this is

22
00:00:59,160 --> 00:01:02,240
Speaker 2: a cyber attack. Unfortunately, this is the case of someone's

23
00:01:02,240 --> 00:01:06,360
Speaker 2: stealing credentials and using those credentials of a legitimate user

24
00:01:06,400 --> 00:01:08,920
Speaker 2: of medimap to cause this harm.

25
00:01:09,240 --> 00:01:11,920
Speaker 1: So is it a hack? Would you call it a heck?

26
00:01:12,000 --> 00:01:14,880
Speaker 1: Or is it potentially someone the fairious who's got access

27
00:01:14,920 --> 00:01:17,440
Speaker 1: to your system anyway and using it for other purposes.

28
00:01:18,280 --> 00:01:21,800
Speaker 2: Yeah. What people would imagine a cyber hack is is

29
00:01:21,959 --> 00:01:24,800
Speaker 2: you've come in and brute force and you've gone through

30
00:01:24,840 --> 00:01:27,800
Speaker 2: a vulnerability in the software or the platform. This has

31
00:01:27,840 --> 00:01:30,720
Speaker 2: not been the case. They've used credentials to come in

32
00:01:30,920 --> 00:01:33,639
Speaker 2: for all intent purposes. They look like a regular user,

33
00:01:34,120 --> 00:01:36,080
Speaker 2: but what they started to do was not what a

34
00:01:36,120 --> 00:01:39,240
Speaker 2: regular user does, which is why we shut the system

35
00:01:39,319 --> 00:01:42,440
Speaker 2: down and contained it and are now working with forensic

36
00:01:42,520 --> 00:01:47,000
Speaker 2: experts and government or agencies to understand what's happened and

37
00:01:47,040 --> 00:01:49,480
Speaker 2: then how do we bring this back online for people.

38
00:01:49,800 --> 00:01:52,320
Speaker 1: So, this, to be clear, is different from manage my health.

39
00:01:53,520 --> 00:01:55,880
Speaker 2: Yes you would now I'm not one hundred percent intiment

40
00:01:55,960 --> 00:01:58,720
Speaker 2: with manage my health. But yes, this is someone's use

41
00:01:58,800 --> 00:02:02,800
Speaker 2: credentials as an individal and cause his arm would difference?

42
00:02:03,200 --> 00:02:06,000
Speaker 1: Will you give it given? So this is what you'd

43
00:02:06,040 --> 00:02:08,680
Speaker 1: loosely call an FBI circles an inside job. If it's

44
00:02:08,720 --> 00:02:10,760
Speaker 1: an inside job, you'll be able to trace it, won't you.

45
00:02:11,760 --> 00:02:16,639
Speaker 2: We can trace it to a profile I suppose best

46
00:02:16,680 --> 00:02:19,600
Speaker 2: way to describe it mode, But we subsequently have become

47
00:02:19,639 --> 00:02:23,320
Speaker 2: aware that that profile quite possibly had been compromised with

48
00:02:23,360 --> 00:02:24,200
Speaker 2: their credentials.

49
00:02:24,320 --> 00:02:26,120
Speaker 1: Okay, what do they want?

50
00:02:26,240 --> 00:02:26,600
Speaker 2: What? What?

51
00:02:26,600 --> 00:02:28,680
Speaker 1: What would you thinking at this point be as to

52
00:02:28,720 --> 00:02:31,080
Speaker 1: what they want? You know, Charlie Kirk and people are

53
00:02:31,120 --> 00:02:32,800
Speaker 1: dead and they're not there. Is this some sort of

54
00:02:32,800 --> 00:02:34,160
Speaker 1: what they would call a activist?

55
00:02:35,480 --> 00:02:37,320
Speaker 2: I wouldn't. I don't want to drag this in the

56
00:02:37,360 --> 00:02:41,520
Speaker 2: political sort of agitation speech to keep out for us

57
00:02:41,560 --> 00:02:44,480
Speaker 2: to understand how we're going to get patient care back focused.

58
00:02:45,200 --> 00:02:47,400
Speaker 2: That's the focus for us. I'm not going to suggest

59
00:02:47,680 --> 00:02:50,280
Speaker 2: understand the minds of people who are prepared to do this,

60
00:02:50,800 --> 00:02:53,880
Speaker 2: but for us, we're really focused on helping facilities to

61
00:02:53,919 --> 00:02:56,600
Speaker 2: do a great job, and we're helping those help them

62
00:02:56,639 --> 00:02:59,040
Speaker 2: with their patients as well. We won't get dragged in

63
00:02:59,200 --> 00:03:01,160
Speaker 2: to make this app platform for everyone.

64
00:03:01,320 --> 00:03:04,200
Speaker 1: But in terms of security though, I mean manage my health,

65
00:03:04,240 --> 00:03:06,639
Speaker 1: in my humble opinion, didn't do a very good job.

66
00:03:07,240 --> 00:03:09,119
Speaker 1: If it's an inside job on your part, you would

67
00:03:09,240 --> 00:03:13,960
Speaker 1: argue still that given your specific circumstances, your security is solid,

68
00:03:14,000 --> 00:03:16,600
Speaker 1: you run a decent program, and trust isn't an issue

69
00:03:16,600 --> 00:03:18,520
Speaker 1: for the people who pay you money for your service.

70
00:03:19,680 --> 00:03:22,600
Speaker 2: We would argue that, but obviously with these events, you

71
00:03:22,639 --> 00:03:25,720
Speaker 2: obviously would look at this, take stock, get advice. We've

72
00:03:25,760 --> 00:03:28,840
Speaker 2: obviously got various people assisting us to make sure we're suck.

73
00:03:29,000 --> 00:03:32,000
Speaker 2: We've got to be correct you. We can't be incorrect,

74
00:03:32,000 --> 00:03:35,040
Speaker 2: slightly or mostly correct, So it's really important that we

75
00:03:35,280 --> 00:03:39,760
Speaker 2: get that information correct. It's also an opportunity to actually

76
00:03:39,840 --> 00:03:42,560
Speaker 2: understand how this has happened, how can we prevent it,

77
00:03:42,560 --> 00:03:44,680
Speaker 2: how can we harden the systems up. You would always

78
00:03:44,720 --> 00:03:48,240
Speaker 2: want to. Unfortunately, you've got to keep pace with the

79
00:03:48,720 --> 00:03:49,520
Speaker 2: bad guys, all.

80
00:03:49,440 --> 00:03:52,200
Speaker 1: Right, Jeffer, appreciate it. Jeffrey Sayer, who's MEDIMAP directories wh

81
00:03:52,320 --> 00:03:54,240
Speaker 1: us out of Sydney this morning, so we appreciate them

82
00:03:54,240 --> 00:03:57,240
Speaker 1: getting up early. For more from the Mic Asking Breakfast,

83
00:03:57,400 --> 00:04:00,720
Speaker 1: listen live to news Talks it'd be from six weekdays,

84
00:04:00,960 --> 00:04:03,000
Speaker 1: or follow the podcast on iHeartRadio