Whether you’re an individual, part of an organisation or a private practice, it’s important to always be aware of potential cyber security issues. 

The critical nature of healthcare services, combined with the valuable information entrusted to them by consumers, suppliers and employees, the shift to digital systems and virtual care, can make health organisations a prime target for malicious and criminal attacks.

Cyber security threats

Cyber security threats can impede a healthcare organisation’s ability to provide necessary patient care. These threats come from various internal and external sources, such as:

  • Phishing – A hacker impersonates a trustworthy email source to entice users to click on a link. Through this means, hackers can obtain personal information, such as credit card numbers and passwords.
  • Malware – Software created to cause damage to a computer, a network, or another connected system. Malicious software can come in the form of a virus, a Trojan horse, spyware, and adware.
  • Ransomware – A type of malware that uses encryption to block access systems or threaten to publish user data unless a ransom is paid.
  • Theft of patient data – Stolen medical records can be used to conduct fraudulent activities, such as impersonating an individual in an attempt to receive reimbursement for healthcare services.
  • Insider threats – Individuals who have access to key systems willingly or mistakenly put them at risk. Insider threats in healthcare can come from employees, former employees, or contractors/vendors.
  • Hacked devices – From security camera sensors to handheld medical devices, billions of devices are connected to each other thanks to the internet of things. Hackers can take advantage of weak points in these connections to access systems with personal patient data.

Practical steps to protect against cyber attacks

  1. Build security awareness with the Digital Health Security Awareness eLearning course
  2. Keep your software up-to-date
  3. Use strong passwords and implement multi-factor authentication
  4. Back up your data regularly
  5. Do not respond to unsolicited phishing emails, texts and calls
  6. If you fall victim to ransomware, avoid paying the ransom.

Training and resources

For cyber security support

The Australian Cyber Security Hotline provides 24/7 support. Call 1300 CYBER1 (1300 292 371).

Murray PHN’s Digital Health Team can provide resources and referral information to assist practices to understand cyber security. Email digitalhealth@murrayphn.org.au for support.

Only a third of Australian Healthcare organisations embed cyber security awareness and training into their organisational policies and procedures

– Cyber Security Across the Australian Healthcare Sector 2018

Last Update: May 16th, 2024