Health practices and clinics urged to improve cybersecurity

Healthcare professionals at the coalface of cyber attacks are being urged to immunise their businesses against threats as incidents surge.

The Council of Small Business Organisation Australia’s (COSBOA) Cyber Wardens and healthcare leaders are warning small clinics and practices they are just as vulnerable to cybercrime as big companies such as Medibank.

Healthcare providers topped the list of sectors reporting notifiable data breaches to the Office of the Australian Information Commissioner in 2023, with incidents rising from 63 in January–June 2023 to 104 in the second half of last year.

The free Cyber Wardens program has now been accredited for continuous professional development (CPD) training for a raft of healthcare professionals and bodies, including the Australian College of Rural and Remote Medicine.

Cyber Wardens is a free, federal government-supported cybersecurity e-learning program aimed at boosting the online safety of Australia’s 2.5 million small businesses, including healthcare practices and clinics.

COSBOA CEO Luke Achterstraat said CPD accreditation was a significant step towards safeguarding the industry. The course includes basic tips such as the importance of multi-factor authentication — the absence of which allegedly led to Medibank’s 2022 data hack.

It’s no longer just IT experts who are responsible for cybersecurity — it’s critical that Australian doctors and practices are trained in the basics to help fight attacks, he said.

“We don’t want to see our health system end up on life support due to cybercriminals. Research shows that only a third of Australian healthcare organisations embed cybersecurity awareness and training in their organisational policies and procedures,” Achterstraat said.

Australian Medical Association (SA) President Dr John Williams said the association was fielding a rising number of enquiries about cyber safety. “It is a huge concern. There is a lot of uncertainty about what should be done, what the risks are and how to address those risks,” said Williams, a GP in rural South Australia.

Online crime is said to be one of the most pressing concerns for doctors and practice managers, particularly those working in under-resourced clinics in regional and remote areas.

“As a profession we need to deal with cyber threats head-on and have proper practices and procedures in place. It is a sleeper issue at the moment as our GPs are so busy, and many don’t know how to deal with it — they are hoping it won’t happen or lack the digital literacy to manage it.”

Williams said the heightened risk had even sparked some nervousness about electronic health records. “I know anecdotally that there is less uptake of electronic patient health records among specialists, as some see [paper records] as more secure,” he said.

“Unfortunately, that only slows the uptake of things that are potentially fantastic for our patients and the quality of care we can give. So it’d be a real pity to see cybersecurity concerns get in the way of progress.”

In Australia, all registered healthcare professionals are required to fulfil their mandated CPD program. Cyber Wardens is accredited for one hour of CPD learning.

Image credit: iStock.com/sorbetto