Cyber attacks against healthcare organisations account for 1 in 10 in Australia. These may include ransomware, data breaches, DDoS attacks, fraud scams and insider threats (supply chain). Ensuring you follow cyber hygiene practices helps you to prevent attacks from taking place.
Practice entity & cyber liability
MIPS’ Indemnity Insurance policy relates to healthcare. It does not cover any claim associated with the loss of patients’ records, and it does not include cyber cover or Practice Entity cover. An insurance broker, Aon, offers Practice Entity & Cyber cover insurance.
MIPS receives no financial benefit or commission from this but provides this facility for members to apply. Assess your requirements for these covers at Aon – Cyber.
Further information is available at Practice entity and cyber cover referral.
What are the key cyber security threats for healthcare organisations?
Ransomware – A highly disruptive form of cyber-attack, ransomware is a form of malware designed to lock up, encrypt and extract data. These attacks are accompanied by extortion demands, requiring payment of a ransom (often in bitcoin) to decrypt or prevent publication of stolen data 1.
Data breaches – often caused by social engineering or impersonation.
DDoS attacks – a cyberattack on a server, service, website, or network that floods it with Internet traffic. The aim is to overwhelm the website or service with more traffic than the server or network can accommodate 2.
Phishing – a way that cybercriminals steal confidential information (online banking logins, credit card details, business login credentials or passwords/passphrases) by sending fraudulent messages (sometimes called ‘lures’).
Insider threats – include sabotage, theft, espionage, fraud, and competitive advantage, and are often carried out through abusing access rights, theft of materials, and mishandling physical devices 3.
What you can do to protect yourself, your patients, and your organisation
- Make your passwords long and strong.
- Don’t use things that can be easily guessed.
- Passphrases are a good idea.
- Use a password manager.
- Turn on multi-factor authentication.
- Don’t open it if you don’t expect it!
- Be sceptical.
- Be aware of your online presence.
- If you receive a suspicious link, do not open or click on it. Inspect it.
- Use strong passwords.
- Always ensure your software is up to date.
The benefits of membership include the MIPS indemnity insurance, which relates to the provision of healthcare. It excludes claims associated with the loss of, damage to, or the failure to adequately protect the security of electronic or hard copy medical records. MIPS does not provide cyber cover or Practice Entity cover. Members need to make their own assessment and consider their risk in this regard. MIPS has established a relationship with Aon to help MIPS members inquire about and obtain an estimate for practice entity and cyber cover.
- Responding to a cybersecurity incident information security in general practice
- Computer and information security standards
Australian Cyber Security Centre
- Multi-factor authentication for stronger cyber protection
- Back-up data to defend against cybercrime
- How to back up devices
- ReportCyber - Are you a victim of cybercrime?
MIPS Practice Notes
- Cyber risk: The essentials of online security
- Cyber: Legacy system letdown
- 22% of all cyber security breaches within healthcare
- Cyber security attacks - are you prepared?
- Hackers love health data
- Top 10 IT security tips for healthcare practices