PODCAST: Prevention is better than cure when it comes to cybersecurity. Data security expert Troy Hunt discusses how to protect yourself, your practice and your patients' privacy.
Prevention is better than cure when it comes to cybersecurity. Data security expert Troy Hunt discusses how to protect yourself, your practice and your patients’ privacy.
The health care sector is number one again in 2021 for reporting the highest number of data breaches in Australia.
It’s a consistent track record that reflects concerted targeting by hackers because health data can fetch a lot more than other personal information on the black market.
According to cybersecurity expert Troy Hunt, sophisticated cyber hackers are trying to trip up your systems and your staff “every hour, every day”.
Mr Hunt spoke to In Conversation podcast and outlined practical actions that can be taken to protect doctors, businesses and patient privacy.
“Healthcare is a really interesting target because we’ve got professionals there who are extraordinarily good at what they do – but they’re there to fix people, they’re not there to maintain PCs,” he said. “So very often we end up with infrastructure in medical practices which does tend to get a little bit dated and a little bit poorly managed.”
Under Australian laws, any doctor who inadvertently breaches patient data privacy, could be fined up to $340,000 and their practice could be fined up to $1.7 million.
Ms Angelene Falk is the Australian information commissioner and privacy commissioner. She told Rheumatology Republic that in the first half of 2021 most notifications by health service providers involved malicious or criminal attacks. In previous reports human error had been the leading cause of data breaches.
“Health service providers can embed good privacy in their practice by understanding their privacy obligations, improving security, revising systems and processes for responding to breaches, and training staff on secure information handling practices,” Ms Falk said.
The OAIC’s Guide to health privacy is intended to help health service providers understand their obligations under the Privacy Act 1988 and embed good privacy in their practice. The OAIC has also published a data breach action plan for health service providers.
