Whether you’re an individual, part of an organisation or a private practice, it’s important to always be aware of potential cyber security issues.
The critical nature of healthcare services, combined with the valuable information entrusted to them by consumers, suppliers and employees, the shift to digital systems and virtual care, can make health organisations a prime target for malicious and criminal attacks.
Cyber security threats
Cyber security threats can impede a healthcare organisation’s ability to provide necessary patient care. These threats come from various internal and external sources, such as:
- Phishing – A hacker impersonates a trustworthy email source to entice users to click on a link. Through this means, hackers can obtain personal information, such as credit card numbers and passwords.
- Malware – Software created to cause damage to a computer, a network, or another connected system. Malicious software can come in the form of a virus, a Trojan horse, spyware, and adware.
- Ransomware – A type of malware that uses encryption to block access systems or threaten to publish user data unless a ransom is paid.
- Theft of patient data – Stolen medical records can be used to conduct fraudulent activities, such as impersonating an individual in an attempt to receive reimbursement for healthcare services.
- Insider threats – Individuals who have access to key systems willingly or mistakenly put them at risk. Insider threats in healthcare can come from employees, former employees, or contractors/vendors.
- Hacked devices – From security camera sensors to handheld medical devices, billions of devices are connected to each other thanks to the internet of things. Hackers can take advantage of weak points in these connections to access systems with personal patient data.
Practical steps to protect against cyber attacks
- Build security awareness with the Digital Health Security Awareness eLearning course
- Keep your software up-to-date
- Use strong passwords and implement multi-factor authentication
- Back up your data regularly
- Do not respond to unsolicited phishing emails, texts and calls
- If you fall victim to ransomware, avoid paying the ransom.
Selecting secure IT products and services
The Australian Digital Health Agency has put together a companion for the Information Security Guide for small healthcare businesses, with questions to ask your IT vendors. Click here to access the guide.
Training and resources
- Secure messaging for general practice newsletter (October 2023)
- Australian Digital Health Agency training and guides
- Cybersecurity in Primary Health webinar (November 2023 recording)
- Cyber Security for your Practice webinar (March 2023 recording)
For cyber security support
The Australian Cyber Security Hotline provides 24/7 support. Call 1300 CYBER1 (1300 292 371).
Murray PHN’s Digital Health Team can provide resources and referral information to assist practices to understand cyber security. Email digitalhealth@murrayphn.org.au for support.