The Australian Cyber Security Centre (ACSC) is aware of recent ransomware campaigns targeting the aged care and healthcare sectors. Cyber criminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. A significant ransomware attack against a hospital or aged care facility would have a major impact.
The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information, so that it can no longer be used, and has been observed being used alongside other tools which steal important business information. Cyber criminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.
If Australian organisations are infected by the Maze ransomware, they should seek assistance in the first instance from the ACSC via 1300 CYBER1. We encourage reporting cyber security incidents to enable the ACSC to alert and assist a broader range of organisations, and understand the scope and nature of cyber intrusions.
Read the ACSC advice on mitigating the threat of ransomware. Keeping software up to date and having current backups stored offline is the best way to protect your organisation from a ransomware attack.
Never pay a ransom demand
We recommend you do not pay the ransom if affected by the Maze ransomware. There is no guarantee paying the ransom will fix your devices, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.
Identify and backup critical information and systems
Backing up and restoring your files offers peace of mind and makes it faster and easier to get up and running again following a ransomware attack.
Keep your systems and software up to date through regular patching
All your personal or business devices including your phone, tablet, computer or laptop use software to run, such as operating systems like Microsoft Windows or Apple MacOS; and antivirus, web browsers or word processors at work. Read more about patching software.
Use antivirus software and keep it up to date
Install antivirus software on all devices and set the software to automatically check for updates on a daily basis.
The federal government has finally unveiled its delayed cyber security strategy but left much of the detail to forthcoming legislation that is yet to be put before parliament.
The 52-page strategy [pdf], released on Thursday, will see $1.67 billion invested in a number of already-known initiatives aimed at enhancing Australia’s cyber security over the next decade.
Much of the funding is from the previously announced $1.35 billion cyber enhanced situational awareness and response (CESAR) package.
The strategy’s key elements include proposed laws and an “enhanced regulatory framework” to secure critical infrastructure, deemed the “best way to protect Australians at scale”.
The new framework will outline the government’s minimum expectation, including an “enforceable positive security obligation for designated critical infrastructure entities”.
“These powers will ensure the Australian Government can actively defend networks and help the private sector recover in the event of a cyber attack,” the strategy states.
“The nature of this assistance will depend on the circumstances, but could include expert advice, direct assistance or the use of classified tools.
“This will reduce the potential down-time of essential services and the impact of cyber attacks on Australians.”
The framework, which will be delivered through amendments to the Security of Critical Infrastructure Act, is also expected to extend to systems of national significance.
While much of the focus on critical infrastructure is ensuring assets are properly defended during a cyber attack, the government will also assist operators to “enhance their cyber security posture”.
It will do this by using the proposed $62.3 million “classified national situational awareness capability”, funded in the CESAR package, to response to threats against critical infrastructure.
Critical infrastructure operators will similarly be able to share intelligence about malicious cyber activity through the government’s $35 million cyber threat-sharing platform, which has been on the cards for several years.
Further afield, the government is also considering additional “legislative changes that set a minimum cyber security baseline across the economy”.
It will also expand the cyber security incident exercise program run by the Australian Cyber Security Centre to improve how government and businesses prepare for incidents.
Secure government hubs
With departments and agencies continuing to struggle to implement rudimentary cyber security controls, government systems and data are key concerns.
In a bid to uplift cyber resilience, the government is planning to “centralise the management and operations of the large number of networks” run by agencies as a priority.
The strategy said that centralising networks would allow the government to “focus its cyber security investment on a smaller number of more secure networks”.
“A centralised model will be designed to promote innovation and agility while still achieving economies of scale,” the strategy states.
It also plans to explore the creation of “secure hubs” to reduce the number of networks that hostile actors can target even further, though the strategy does not elaborate on what this might look like.
Standard cyber security clauses will also be introduced into government IT contracts to avoid unnecessary risks.
The strategy notes that federal, state and territory agencies were the target of 35.4 percent of the 2266 cyber security incidents that the ACSC responded to in the 2019-20 financial year.
Around the same number of incidents impacted critical infrastructure providers in the healthcare, education, banking, water, communications, transport and energy sectors.
The government will also provide law enforcement agencies with $124.9 million to strengthen their ability to counter cyber crime, including $89.9 million for the Australian Federal Police.
The funding will sit alongside planned legislation that will assist the AFP to identify individuals engaging in serious criminal activity on the dark web.
The ACSC will also receive a further $31.6 million to improve its ability to counter cyber crime offshore and assist federal, state and territory law enforcement to identify and disrupt cyber criminals.
“The Australian Government will ensure it has fit-for-purpose powers and capabilities to discover target, investigate and disrupt cyber crime, including on the dark web,” the strategy states.
The strategy also outlines the government’s $63.4 million plan to assist small and medium enterprises (SMEs) to uplift their cyber security capabilities with the help of large businesses.
One such initiative will see large businesses and service provider provide SMEs with ‘bundles’ of secure services such as threat blocking and antivirus, as well as other awareness training.
“Integrating cyber security products into other service offerings will help protect SMEs at scale and recognises that many businesses cannot employ dedicated cyber security staff,” the strategy states.
The government also plans to “provide online training and a 24/7 helpdesk for SMEs that needs cyber security advice or assistance”.
COVIDSafe was sold as Australia’s ticket out of lockdown. But almost three months since launch in late April, its impact is hard to measure.
Victoria has accessed data from the app almost 400 times, but health authorities are yet to point to any potential COVID-19 exposure that was not picked up by manual contact tracing.
In New South Wales, app data has been extracted 23 times. In one instance, a person whose contact details were unavailable during manual contact tracing was contacted using app data.
But COVIDSafe’s ability to reliably transmit and collect encrypted codes using Bluetooth from other apps remains under scrutiny.
And there is another option.
In May, Google and Apple launched an exposure notification API or framework built into their devices’ operating systems that allows health authorities to build their own apps, and ostensibly helps the technology perform better with less bugs and workarounds.
Germany and Ireland, as well as a handful of other European countries, have now launched their own COVID-19 exposure notification apps using the Google-Apple framework.
So how do they compare to COVIDSafe?
A centralised or a decentralised model
COVIDSafe and apps built using the Apple-Google API both deploy Bluetooth to create an encrypted log of random codes from other devices with the app, that come into close range.
But Ireland’s COVID Tracker app and Germany’s Corona-Warn-App differ when it comes to the next step.
Broadly, if someone tests positive for the virus and has one of those apps, they can voluntarily make their weeks of random codes available to the exposure notification system.
Each individual app regularly checks the exposure codes they have stored against ones the system has identified as belonging to an infected person.
If there is a match, they receive a warning notification on their phone and can then choose to get in touch with a doctor.
All the data processing is done on the device.
In contrast, if someone with COVIDSafe is diagnosed with the virus, health authorities may ask them to share their app’s data with a central database. Then those random codes will be sorted into close contacts (1.5 metres for upwards of 15 minutes) and used by local health authorities to track potential exposures.
Ireland and Germany’s apps operate more as a warning system and offer much less information to authorities.
That lack of centralised data collection is part of what makes security expert Vanessa Teague, chief executive of Thinking Cybersecurity, believe Australia should move to the Google-Apple API.
“It has this huge privacy advantage,” she said.
And although we do not yet have sufficient empirical data comparing the performance of available models, she suggested it’s likely apps built using the Google-Apple framework will work more reliably than COVIDSafe because the Bluetooth detection technique is built into the devices’ operating systems.
“By work, I mean, when two people are near each other, the likelihood that it exchanges the pings it’s supposed to exchange is likely to be a lot higher,” she said.
Are apps built using the Google-Apple API a success?
Like in Australia, German and Irish authorities have been quick to boast about download figures.
Germany launched its app in mid-June. As of July 23, the Corona-Warn-App has registered 16.2 million downloads, according to the Robert Koch Institute, in a country with a population of more than 80 million.
Ireland’s Health Services told the ABC that almost 1.4 million people have downloaded the app since July 7 — out of almost 5 million people — and 91 COVID Tracker app users have received an exposure alert.
But like in Australia, where the app has been downloaded more than 6 million times, there are few metrics publicly available to understand the app’s contribution to pandemic control, or even how many people have the app open and working each day.
In Germany, about 660 people who were shown to test positive for SARS-CoV-2 had the opportunity to warn others via the app by July 20.
“However, we cannot say exactly how many people were warned because of the decentralized approach of the app,” the president of the Robert Koch Institute Professor Lothar H. Wieler said in a recent statement.
Stephen Farrell, a computer security researcher at Trinity College Dublin, said questions remained for the Australian and European apps when it comes to the ability of Bluetooth to accurately gauge distance — and so, to accurately identify close contacts.
“It suffers that same challenges with Bluetooth proximity detection in terms of making it reliable in all sorts of contexts,” he said. “Handsets in all different positions, in pockets, in handbags … walking, cycling.”
Dr Farrell suggested it will ultimately be difficult to definitively measure the impact of this technology.
We need to know how many people who would have been missed by manual contract tracing are caught by the app, he suggested. And of those people, how many are false positives or true positives.
Privacy concerns remain
As well as privacy bugs found after the launch of COVIDSafe, its centralised method of data collection has been an ongoing focus for security researchers.
But there is also concern in Europe that exposure notification apps built using the Google-Apple API could be used to track location, especially on Android.
The implementation of Bluetooth on Android has long (and wrongly, in her view) been “inextricably linked” to location permissions Dr Teague said, as some non-contact tracing apps use the technology to work out a user’s location.
For example Bluetooth beacons in a shopping centre, she said, could be used to serve users with hyper-specific advertising.
“The implication is, if you’re not going to let Google track your location, then you’re not using Bluetooth scanning.”
The COVIDSafe version of Android as well as apps made using the Google-Apple API ask for location permission when the app is downloaded — although all insist location is not recorded as part of the contact tracing process.
“In keeping with our privacy commitments for the Exposure Notification API, Google does not receive information about the end user, location data, or information about any other devices the user has been in proximity of,” a Google spokesperson said.
Professor Alexandra Dmitrienko, head of Secure Software Systems Research Group at the University of Würzburg, is troubled that location services must be turned on when using the exposure notification API on Android.
While many people may choose to use products like Google Maps and have location services operating, she suggested those that do not are forced into a choice: allow location permissions when downloading the German app or give up the ability to use your country’s public health app.
As more countries accept the Apple-Google solution, she is also concerned about the control being ceded to the two technology giants.
“As an expert in security and privacy, I see … that we give too much power to two American companies,” she said.
Could Australia move to the Google-Apple API?
As it stands, Australia’s COVIDSafe would have to fundamentally change its approach to use the Google-Apple API.
The companies’ API rules stipulate that a government can only request and not require users to share personal information such as a phone number.
COVIDSafe requires these details upon sign up. Ireland’s COVID Tracker app on the other hand asks only for opt-in metrics.
Minister for Government Services Stuart Robert said the Government is open “to improving [the] technology” if it maintains a key role for health officials in the process.
“The current structure of the Google-Apple API does not do that,” he said.
“We will continue to work with Google and Apple, particularly to see if they can remove their barriers in allowing a sovereign tracing app — that has health professionals at its core — access to improved Bluetooth functionality”.
Ultimately, it may still be too early to say whether any piece of technology can be the pandemic silver bullet so many countries are after.
Professor Dmitrienko thinks it’s too early to know how effective these apps are.
“[The] general opinion is that this technique cannot really replace the manual contact tracing, but it can be complementary,” she said.
But then, there’s the price tag.
By some estimates, COVIDSafe has reportedly cost around $2.75 million in contractors fees.
Not long after news of a virus outbreak in the Chinese city of Wuhan began to spread worldwide, this image hit the internet:
Some people claimed it was a map of Wuhan travellers across the 2020 Lunar New Year. Tabloids in the United Kingdom picked it up. Channel 7’s Sunrise used it in a live segment.
But it did not represent the outbreak. It showed a year’s worth of flights, from nine years ago.
After a summer of devastating bushfires and the upheaval brought by coronavirus, the first six months of 2020 have been defined by immense change — and we’ve all been looking for answers.
A study by the News and Media Research Centre found that even at the beginning of this year, Australia’s demand for news surged. Nearly half of those surveyed got their news online.
For Anne Kruger, this triggered alarm bells. The Australia Pacific lead for global fact-checker First Draft news told The Drum we’re in the perfect conditions for fake news to flourish.
“While you’re waiting for information to come out, people are scrambling around to get what they can,” she says.
Over the summer of bushfires, fake news gripped our feeds. Misleading maps went viral. Images were picked up and shared by high-profile celebrities.
Know your fake news: How to spot a fraud
In late January, a “Queensland Health” media release circulated online, advising against “nonessential travel to Wuhan, China, Sunnybank, Runcorn” and several other locations.
Using a familiar format and an official logo, it looked like any other government document. But very quickly, state MP Duncan Pegg stepped in to call it out. It was a fake.
As technology develops, fake news is getting more sophisticated. But there are a few key markers to test if you’re unsure if what you’re reading is real.
The first is language: how is the issue being discussed?
When the fake Queensland Health statement was released, many were quick to pick up that only suburbs with higher Chinese-Australian populations were singled out.
“If you look closer at the language you could just tell they were picking on them. It didn’t seem quite right,” says Anne Kruger.
Fake news tends to take advantage of our tendency to share content that evokes an emotional response.
They want your like, your share — even your angry reaction.
The second marker involves a good old-fashioned profile stalk. Namely, who, where and when.
“Look at ‘who is this person, where are they and what else have they posted or shared in the past?’,” says Anne Kruger.
“Quite often, I’ve found accounts that have been set up literally the same week or month that there’s been a particular issue they’ve wanted to criticise or comment on.”
Finally, try to work out why the post is being shared in the first place. First Draft News boils it down to three broad areas. The first is power; anyone looking to push an ideology, politics — even conspiracy people.
The other is financial gain. Is someone trying to get your money through this post? Whether it be a donation, merchandise, or a product.
And finally: it could just be general mischief. Each area shows how vast and varied fake news content can be.
So, how do we fight it?
The first step is simple: wait.
“I always say, have that seven-second delay before you like anything, before you send anything, because you’re feeding the algorithm,” says Anne Kruger.
If you think an image, a tweet or a story looks a bit dodgy, do not engage.
However, if you want to do your part in stamping misinformation or disinformation out, Anne Kruger recommends you try to verify it — with the help of experts.
“If you find something that’s suss, send it in as a tip to your reliable news organisation.”
First Draft News is leading a coordinated effort to stamp out fake news. Twelve organisations have come together to identify, document and expose it.
Kruger says even just sending in a screenshot can be a significant help in filling a ‘data void’.
“It’s just too much information for newsrooms to do this alone; too many groups to follow and monitor.”
Well-known maker of avionics equipment and activity trackers Garmin is believed to be the latest victim of a large-scale ransomware attack that has seen the Taiwanese company’s IT and communications systems shut down.
Garmin has yet to say what is causing the outage but confirmed that most of its online properties are offline, along with its call centres, email system and online chats.
A Taiwanese news site, iThome, posted what it says is an internal email from Garmin.
In the email, Garmin staff say the company’s servers and databases have been attacked, and that production in the Taiwanese factory will be closed down for two days as a result.
The company’s Connect system status page lists all of its 18 activity tracking features as being down, with the outage first reported just over half a day ago.
Garmin’s website for pilots, FlyGarmin.com, carries a large alert about the current service outage, with no time of service restoration given.
Users have been unable to sync their data with Garmin’s services, with some expressing concern on social media about the safety of their health data that was uploaded to the Taiwanese company.
Criminals are increasingly targeting larger companies such as car manufacturer Honda that was recently hit by ransomware.
“Ransomware was mainly the bane of smaller businesses, but now the groups are successfully hunting ever bigger game,” threat analyst Brett Callow from security vendor Emsisoft told iTnews.
That means bigger ransoms, which in turn means the groups have more to invest in ramping up their operations in terms of both scale and sophistication,” Callow said.
Callow advised ransomware victims not to pay the criminals.
He added that if nobody paid the extortionists, the ransomware scourge would stop and go away.
Documents reveal how the Australian Federal Police made use of Clearview AI — a controversial facial recognition technology that is now the focus of a federal investigation.
At least one officer tested the software using images of herself and another member of staff as part of a free trial.
In another incident, staff from the Australian Centre to Counter Child Exploitation (ACCE) conducted searches for five “persons of interest”.
According to emails released under Freedom of Information laws, one officer also used the app on their personal phone, apparently without information security approval.
Based in New York, Clearview AI says it has created a tool that allows users to search faces across a database that contains billions of photos taken, or “scraped”, without consent from platforms such as Facebook and Instagram.
The company provoked outrage in January, when the New York Times revealed the extent of its data collection and its use by law enforcement officials in the United States.
The AFP initially denied any ties to Clearview AI before later confirming officers had accepted a trial.
An agency spokeswoman said a “limited pilot of the system” was conducted to assess its suitability in combatting child exploitation and abuse.
She did not comment on questions from the ABC regarding whether the trial was approved and conducted appropriately by officers.
Last week, the Office of the Australian Information Commissioner (OAIC) announced an investigation into Clearview’s use of scraped data and biometrics, working with the UK’s Information Commissioner’s Office (ICO).
AFP initially denied using Clearview AI
The AFP acknowledged in April that members of the ACCE had undertaken a free trial of Clearview’s facial recognition services, but the extent of its use by officers remained unclear.
No formal contract was ever entered into.
“The use by AFP officers of private services to conduct official AFP investigations in the absence of any formal agreement or assessment as to the system’s integrity or security is concerning,” Labor leaders, including Shadow Attorney-General Mark Dreyfus, said in a statement at the time.
The new cache of AFP documents shows officers accessed the Clearview AI platform from early November 2019.
Tests of the tool undertaken using images of AFP staff and several “persons of interest” are detailed in the agency’s response to questions issued by the information commissioner as part of the office’s inquiries.
However, the agency said it did not know how many actual searches officers undertook, because the AFP’s access to Clearview AI was now restricted.
An executive briefing note claims Clearview AI was used operationally only once to locate a suspected victim of imminent sexual assault.
“To date no Australian personal information has been successfully retrieved through the Clearview platform,” the briefing also states.
The use of Clearview AI appears to have caused concern within the agency — and in some cases, officers appear to query whether the tool has been formally approved.
In December 2019, one officer asks if “info sec” (information security) had raised any concerns about the use of Clearview AI.
In response, another officer responds they “haven’t even gone down that path yet”, revealing that they’re “running the app” on their personal phone.
In January, after the media began reporting about Clearview AI, another member of staff notes “there should be no software used without the appropriate clearance”.
The emails also show some bemusement internally at public claims the AFP was not using the tool, with one officer commenting: “Maybe someone should tell the media that we are using it!”
“Or should we stop using it since everyone is raising the issue of approval,” another replies, with a smiley face emoji.
“Interesting that someone says we aren’t using it when we clearly are,” another employee from the ACCCE wrote on January 21.
Officers were directed to cease all access as of January 22, 2020 — four days after the New York Times story was published.
Clearview AI was founded by Australian businessman Hoan Ton-That.
In the documents, he appears to contact an AFP officer personally via email in December 2019 — introducing himself and asking them how they found the tool.
In a statement, Dr Ton-That said Clearview would cooperate with the UK’s ICO and Australia’s OAIC.
“Clearview AI searches publicly available photos from the internet in accordance with applicable laws,” he said. “It’s powerful technology [and] is currently unavailable in UK and Australia.”
Shortly after Mr Ton-That’s December message, an AFP officer wrote in an email that they had run a mugshot through the Clearview system and “got a hit for [the suspect’s] Instagram account”.
“The [facial recognition] tool looks very good,” they wrote.
Microsoft’s LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users’ sensitive content from Apple’s Universal Clipboard application.
According to Apple’s website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device.
According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user.
LinkedIn did not immediately respond to Reuters request for comment.
According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users’ Universal Clipboard content, after Apple’s latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying “pasted from Messages.”
“These “reads” are interpreted by Apple’s Universal Clipboard as a “paste” command,” Bauer’s lawsuit alleged.
A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice.
Developers and testers of Apple’s operating system iOS 14 found that LinkedIn’s application on iPhones and iPads “secretly” read users’ clipboard “a lot,” according to the complaint.
The lawsuit seeks to certify the complaint as class action based on alleged violation of the law or social norms, under California laws.
According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple’s Universal Clipboard timeout.
Australia’s privacy watchdog will probe the personal information handling practices of Clearview AI after several policing agencies admitted to having used the controversial facial recognition tool.
The Office of the Australian Information Commissioner (OAIC) on Thursday opened a joint investigation into the software with the United Kingdom’s Information Commissioner’s Office (ICO).
The tool, which is targeted at law enforcement agencies, is capable of matching images with billions of others from across the internet, including social media, to find persons of interest.
As part of the probe, OAIC and its overseas counterpart will look at Clearview AI’s “use of ‘scraped’ data and biometrics of individuals”, as well as how it manages personal information more broadly.
“The investigation highlights the importance of enforcement cooperation in protecting the personal information of Australian and UK citizens in a globalised data environment,” the OAIC said in a brief statement.
“In line with the OAIC’s privacy regulatory action policy, and the ICO’s communicating our regulatory and enforcement activity policy, no further comment will be made while the investigation is ongoing.”
The investigation follows preliminary enquiries by OAIC earlier this year after the tool was revealed to have been used by 2200 law enforcement agencies globally, including the Australian Federal Police and the Queensland, Victoria and South Australia police forces.
While the four policing agencies initially denied that the software had been used, the AFP and Victoria Police have since been forced to admit to having briefly trialled the tool from late 2019.
The AFP confirmed in answers to questions on notice that seven officers from the Australian Centre to Counter Child Exploitation had used the tool to conduct searches after being sent trial invitations from Clearview AI.
Victoria Police, similarly, confirmed in a freedom of information request that several officers from the Joint Anti-Child Exploitation Team had run more than 10 searches using the tool after signing up.
Both agencies stressed that Clearview AI had not been adopted as an enterprise product and that no formal commercial agreements had been entered into.
The NSW government has set up a cyber security vulnerability management centre in Bathurst, which will start operating next month.
The centre will be operated by Cyber Security NSW, the new name given to what was formerly the Office of the Government Chief Information Security Office.
It will provide the NSW government with an increased awareness of vulnerabilities in internet-facing services and assets,” Customer Service Minister Victor Dominello said in a statement.
“It will deliver a vital, sector-wide risk management capability and is critical to ensuring enhanced monitoring of at-risk government systems, as well as early identification and remediation of known vulnerabilities.
“Early detection of vulnerabilities and the ability to report them to the relevant agencies and departments is essential to improving our cyber security.”
The government added that the centre “will provide ongoing and automated vulnerability scanning across departments and agencies, and as capability develops, other services will be introduced.”
The centre is the first of its kind in NSW and will employ eight Bathurst-based cyber security staff.
It will also see Cyber Security NSW work in partnership with UpGuard “to provide the NSW Government with greater capabilities to detect and manage internet-facing vulnerabilities and data breaches.”
The centre’s establishment comes as the NSW government prepares to invest $240 million into cyber security over the next three years.
It also comes as news reports emerge of the state government being a major target of a potentially state-based attack.
When it launched, COVIDSafe was marketed as Australia’s ticket out of lockdown, so long as everyone downloaded it.
“If you want to go outside when the sun is shining, you have got to put sunscreen on. This is the same thing,” Prime Minister Scott Morrison said at the time.
Two months on, state and territory health departments are yet to declare the app has identified any people exposed to COVID-19 who weren’t already found by traditional contact tracers.
And as the app’s technical challenges have been revealed, public health experts are questioning whether the app is a distraction from the “real work” of controlling coronavirus.
It’s too early to provide a verdict, but it is common for technologies to be presented as “our knights in shining armour” during a pandemic, according to Julie Leask, a public health and infection disease specialist at Sydney University.
It’s human to see something we can hold, something that’s tangible, as more helpful than “the more invisible human behaviours and public health capacities that are still at the heart of our control of [COVID-19]”, she said.
A Health Department spokesperson said all its communications about COVIDSafe highlight the app as just one important tool in controlling COVID-19.
“Communication clearly places the app alongside the need for physical distancing, good hygiene and the importance of staying at home if unwell (and getting tested),” she said.
The risk of complacency
As the country faces a spike of cases in Victoria, some public health experts are concerned the Government’s comparison of the app to sunscreen could make Australians complacent.
Often the hardest thing for people to change about their health is their behaviour, according to Adam Dunn, who leads biomedical informatics and digital health at the University of Sydney.
“It’s much easier to prescribe someone medication … than convince them to completely change their lifestyle,” he said.
While a simple technical solution to the coronavirus lockdown is an attractive idea, it’s not so easy.
Holly Seale, a senior lecturer at UNSW’s School of Public Health and Community Medicine, said focusing on the app’s benefits to the individual may have raised expectations beyond what is technologically possible.
Instead, Dr Seale suggested public health campaigns should focus on its collective benefit to the contact-tracing process.
Today the “Stay COVID free and do the 3” catchphrase is used in advertisements, a Health Department spokesperson said, to encourage Australians to download the app as well as maintain hygiene and distancing.
And the Government is speaking about it less often. In the two weeks after launch, the Prime Minister Scott Morrison mentioned COVIDSafe in 14 press conferences, interviews and media releases that are transcribed on his website. He’s mentioned it just once in the past two weeks.
A technical quick fix
A technical solution to the coronavirus lockdown is an attractive narrative — and one both the Government and many parts of the media ran with.
But Dr Leask said caution was necessary, especially as the public was presented with little evidence for the app’s effectiveness.
“As the saying goes, with every complex problem there’s a solution that’s simple, clear and usually wrong,” she said.
Modelling released today by the public health think tank the Sax Institute suggests a second wave of COVID-19 infections in Australia is likely if social-distancing measures and testing decline.
The research found that in this scenario, the COVIDSafe app could help curb the number of infections.
But this modelling makes some assumptions: that uptake of the app reaches more than 60 per cent of the Australian population, and that the app works as it is intended to.
Sax Institute senior simulation modeller Danielle Currie said that while COVIDSafe had not reached these targets yet, the modelling was reason for optimism.
“What our work shows is that using the app and promoting it widely is worthwhile, assuming that there are technological improvements. This should give the Government confidence to continue its pushing,” she said.
Dr Currie said the app could still prove to be helpful in places like Victoria where there are outbreaks.
“If there’s not many cases, the app won’t pick it up. But if we do get a lot — and the model suggests we might — it could be very helpful,” she said.
The other options
So, could the time, millions of dollars and effort spent on COVIDSafe have been invested elsewhere instead, to better effect? There’s no single answer.
As a behavioural researcher, Dr Leask would like more funding for public health research — how to provide better messaging for communities where English is not their first language, for example.
And in Dr Dunn’s view, Australia would have benefited from more communication about contact tracers and the work they do, as well as more financial support for such teams overall.
For others, masks are the issue of the day. Epidemiologist Mary-Louise McLaws, who advises the World Health Organization (WHO), hopes Australian authorities implement firm guidelines on face masks, because currently the Government doesn’t recommend them.
The WHO initially said healthy people did not need to wear masks but later revised its advice, recommending their use whenever social distancing was impossible.
“[The Government] should be telling people to wear a mask on public transport in or outside of hotspots. It really stands to reason that they should be enforcing masks in some situations,” Dr McLaws said.
Lidia Morawska, who is an expert in aerosol science at the Queensland University of Technology, is frustrated the potential airborne transmission of COVID-19 has been overlooked by authorities.
She makes the case for concrete guidelines on ventilation of high-traffic venues like restaurants, cafes and churches so people aren’t at risk from potentially infected particles lingering in the air.
If the cafe you’re sitting in for a few hours doesn’t know much about the science of air movement, which is pretty likely, this could be problematic, Dr Morawska said.
“We need investment in proper guidelines about ventilation to protect people indoors from infection transmission,” she said. “Researchers have been calling for this since SARS-CoV-1.”
There’s still much to learn about aerosol transmission of COVID-19. The WHO has acknowledged its danger in clinical settings, but is waiting for more peer-reviewed research to assess its risk in other environments.
In the end, Dr Leask believes Australia’s best solutions for controlling COVID-19 remain those that have proven their worth time and again.
“Looking back, you can’t beat good old-fashioned public health … when you don’t yet have a vaccine or a treatment that’s established as being really effective,” she said.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.