The latest report of data breaches from the Office of the Australian Information Commissioner (OAIC) shows a big increase in data breaches but, disturbingly for our dental and medical clients, health professionals reported the highest number of breaches. The trend of increasing breaches is likely to continue to escalate as businesses become more aware of their responsibility to protect their clients’ personal data.
The privacy commissioner in his report states ‘one way the health sector can ensure trust is to be transparent and accountable when breaches occur but also take steps to mitigate against those breaches’. Making sure your staff are aware of the importance of protecting client data and providing them with information about breaches that are occurring will go a long way. The largest number of breaches in the health sector were due to human error such as sending personal information to the wrong address. Are your staff aware that sending personal information to the wrong email address does constitute a privacy breach and should be reported? Simply being aware will go a long way towards preventing these errors in the first place.
The second highest number of breaches in the healthcare sector arose from malicious breaches by hackers and cyber criminals. Health professionals are one of the main targets of these criminals due to the amount of sensitive personal data held. Personal data to a hacker is the next best thing to cash; it can be sold through a black market or used to extort a ransom from a medical provider.
Health professionals do have a big target on them, but cyber criminals will target the easiest victim, and that is usually a practice with minimal IT security in place, of which there are still many. Having up-to-date IT security in place will repel the majority of cyber crooks but not all. Types of attacks keep evolving, so you and your staff need to be vigilant. Have regular discussions with your staff about what types of dodgy emails you are seeing so people think before opening up a strange file.
The Australian Cyber Security Centre advises that the risk of a malicious breach can be greatly reduced by implementing simple password protection strategies and raising staff awareness of protecting their credentials. We all have countless numbers of passwords, so this may not be possible for every single application used, but make sure your critical applications that are likely to be targeted have secure passwords that are changed regularly.
Cyber insurance is also an option for all businesses. The number of available cyber insurance policies is increasing all the time and the cost is reducing. Policies do vary greatly so make sure you understand the cover you are buying if you do purchase a cyber insurance policy.
The OAIC reports provide good information as to what is happening in the cyber world, which in the past was mostly unreported. Keeping up to date with this information and following some simple steps will reduce the threat against your practice. The data breach legislation is doing its job in forcing us to improve the protection of data. Awareness will continue to grow, as will the expectation of the public that their data is protected.