Whether you’re an individual, part of an organisation or a private practice, it’s important to always be aware of potential cyber security issues. 

The critical nature of healthcare services, combined with the valuable information entrusted to them by consumers, suppliers and employees and the shift to digital systems and virtual care, can make health organisations a prime target for malicious and criminal attacks.

Cyber security threats

Cyber security threats can impede a healthcare organisation’s ability to provide necessary patient care. These threats come from various internal and external sources, such as:

  • Phishing – A hacker impersonates a trustworthy email source to entice users to click on a link. Through this means, hackers can obtain personal information, such as credit card numbers and passwords.
  • Malware – Software created to cause damage to a computer, a network, or another connected system. Malicious software can come in the form of a virus, a Trojan horse, spyware, and adware.
  • Ransomware – A type of malware that uses encryption to block access to systems, or threatens to publish user data, unless a ransom is paid.
  • Theft of patient data – Stolen medical records can be used to conduct fraudulent activities, such as impersonating an individual in an attempt to receive reimbursement for healthcare services.
  • Insider threats – Individuals who have access to key systems willingly or mistakenly put them at risk. Insider threats in healthcare can come from employees, former employees, or contractors/vendors.
  • Hacked devices – From security camera sensors to handheld medical devices, billions of devices are connected to each other thanks to the internet of things. Hackers can take advantage of weak points in these connections to access systems with personal patient data.

Practical steps to protect against cyber attacks

  1. Build security awareness with the Digital Health Security Awareness eLearning course
  2. Keep your software up-to-date
  3. Use strong passwords and implement multi-factor authentication
  4. Back up your data regularly
  5. Do not respond to unsolicited phishing emails, texts and calls
  6. If you fall victim to ransomware, avoid paying the ransom

Selecting secure IT products and services

The Australian Digital Health Agency has put together a companion for the Information Security Guide for small healthcare businesses, with questions to ask your IT vendors. Click here to access the guide.

Training and resources

For cyber security support

The Australian Cyber Security Hotline provides 24/7 support. Call 1300 CYBER1 (1300 292 371).

Murray PHN’s Digital Health Team can provide resources and referral information to assist practices to understand cyber security. Email digitalhealth@murrayphn.org.au for support.

Only a third of Australian Healthcare organisations embed cyber security awareness and training into their organisational policies and procedures

– Cyber Security Across the Australian Healthcare Sector 2018

Last Update: July 9th, 2024