Securing cyber resilience for you and your practice handout

Cyber attacks against healthcare organisations account for 1 in 10 in Australia. These may include ransomware, data breaches, DDoS attacks, fraud scams and insider threats (supply chain). Ensuring you follow cyber hygiene practices helps you to prevent attacks from taking place.

Practice entity & cyber liability

MIPS’ Indemnity Insurance policy relates to healthcare. It does not cover any claim associated with the loss of patients’ records, cyber cover or Practice Entity cover. An insurance broker, Aon, offers practice Entity & Cyber cover insurance.

MIPS receives no financial benefit or commission from this but provides this facility for members to apply. Assess your requirements for these covers at Aon – Cyber.

Further information available at Practice entity and cyber cover referral

What are the key cyber security threats for healthcare organisations?

Ransomware – A highly disruptive form of cyber-attack, ransomware is a form of malware designed to lock up, encrypt and extract data. These attacks are accompanied by extortion demands, requiring payment of a ransom (often in bitcoin) to decrypt or prevent publication of stolen data 1.

Data breaches – often caused by social engineering or impersonation.

DDoS attacks – a cyberattack on a server, service, website, or network that floods it with Internet traffic. The aim is to overwhelm the website or service with more traffic than the server or network can accommodate 2.

Phishing – a way that cybercriminals steal confidential information (online banking logins, credit card details, business login credentials or passwords/passphrases) by sending fraudulent messages (sometimes called ‘lures’).

Insider threats – include sabotage, theft, espionage, fraud, and competitive advantage, are often carried out through abusing access rights, theft of materials, and mishandling physical devices 3.

What you can do to protect yourself, your patients, and your organisation

Passwords:

  • Make them long and strong.
  • Don’t use things that can be easily guessed.
  • Passphrases are a good idea.
  • Use a password manager.
  • Turn on multi-factor authentication.

Phishing emails

  • Don’t open it if you don’t expect it!
  • Be sceptical
  • Be aware of your online presence.
  • If you receive a suspicious link, do not open or click on it. Inspect it.
  • Use strong passwords.
  • Always ensure your software is up to date.

MIPS Membership

The benefits of membership include the MIPS indemnity insurance, which relates to the provision of healthcare. It excludes claims associated with the loss of, damage to, or the failure to adequately protect the security of electronic or hard copy medical records. MIPS does not provide a cyber cover or Practice Entity cover. Members need to make their assessment and consider their risk concerning this. MIPS has established a relationship with Aon to help facilitate MIPS members inquire and obtain an estimate for practice entity and cyber cover.

Useful resources

RACGP 

Australian Cyber Security Centre

MIPS webinars

MIPS Practice Notes

[1] Locked Out: Tackling Australia’s ransomware threat

[2] What is a distributed denial of service attack (DDoS) and what can you do about them?

[3] Insider Threat - Cyber

Back to top