Healthcare organisations are victims of one in ten in cyber attacks in Australia. Despite the size of your workplace whether it be a small practice or a large hospital, the need for cybersecurity is still high. 

Criminals consider healthcare data extremely valuable due to the high volume of sensitive information. Sensitive information such as contact details, past addresses, date of birth and other personal details can be used for identity theft, while an individual's healthcare information may be used to extort the vulnerable. Due to the high returns criminals can gain for this information, they are often very willing to go to any lengths to bypass security. 

Data breaches of a malicious or criminal nature are increasing globally and within Australia. The Australian Cyber Security Centre (ACSC) receives a report of a cyber crime in Australia every ten minutes. Data from the Office of the Australian Information Commissioner shows that criminal data breaches make up nearly two-thirds of all reported data breaches.


2020
Notifications1,057
% criminal58%
% human error35%
% system fault5%

Source: Notifiable Data Breaches Report, OAIC

Healthcare practices are a reservoir due to the large amounts of personal information they store making them a prime target for hackers. Ensuring you and everyone in your practice follows good cyber hygiene will help prevent your practice from falling victim to an attack or in the least limit the damage.

MIPS’ Indemnity Insurance policy relates to the healthcare services your provide, but it is not designed or intended to comprehensively cover every aspect of your business. If your business is at risk of being sued or possible cyber attack then practice entity and cyber cover is able to protect you from any loss. MIPS' partner, Aon, an insurance broker, offers Practice entity, cyber and public & product liability. MIPS receives no financial benefit or commission from this but provides assists members to apply for cover. 

Key cyber security threats for healthcare organisations

Ransomware – A highly disruptive form of cyber-attack, ransomware is a form of malware designed to lock up, encrypt and extract data. These attacks are accompanied by extortion demands, requiring payment of a ransom (often in bitcoin) to decrypt or prevent publication of stolen data 1.

Data breaches – often caused by social engineering or impersonation.

DDoS attacks – a cyberattack on a server, service, website, or network that floods it with Internet traffic. The aim is to overwhelm the website or service with more traffic than the server or network can accommodate 2.

Phishing – a way that cybercriminals steal confidential information (online banking logins, credit card details, business login credentials or passwords/passphrases) by sending fraudulent messages (sometimes called ‘lures’).

Insider threats – include sabotage, theft, espionage, fraud, and competitive advantage, are often carried out through abusing access rights, theft of materials, and mishandling physical devices 3.

What you can do to protect yourself, your patients, and your organisation

Passwords:

  • Make them long and strong.
  • Don’t use things that can be easily guessed.
  • Passphrases are a good idea.
  • Use a password manager.
  • Turn on multi-factor authentication.

Phishing emails

  • Don’t open it if you don’t expect it!
  • Be sceptical
  • Be aware of your online presence.
  • If you receive a suspicious link, do not open or click on it. Inspect it.
  • Use strong passwords.
  • Always ensure your software is up to date.

MIPS Membership

The benefits of membership include the MIPS indemnity insurance, which relates to the provision of healthcare. It excludes claims associated with the loss of, damage to, or the failure to adequately protect the security of electronic or hard copy medical records. MIPS does not provide a cyber cover or Practice Entity cover. Members need to make their assessment and consider their risk concerning this. MIPS has established a relationship with Aon to help facilitate MIPS members inquire and obtain an estimate for practice entity and cyber cover.

Useful resources

RACGP 

Australian Cyber Security Centre

MIPS webinars

MIPS Practice Notes

[1] Locked Out: Tackling Australia’s ransomware threat

[2] What is a distributed denial of service attack (DDoS) and what can you do about them?

[3] Insider Threat - Cyber

Missed the MIPS webinar? Catch up On-Demand

This information is not intended to be legal advice and as such should not be relied on as a substitute. You may need to consider seeking legal or other professional advice about your individual circumstances as appropriate. Should you wish to obtain further information you can review our Member Handbook Combined PDS and FSG or contact MIPS on 1800 061 113. You may need to consider seeking legal or other professional advice about your individual circumstances as appropriate. Information is current as at the date published.