In a hyper-connected world, data security is now a critical issue for Australian businesses – and their clients.
And healthcare practices are no different. Patients, suppliers and employees alike, have entrusted you with valuable information. The systems your practice uses to access, store and as appropriate delete this information, are critical to your ability to operate in today’s world.
More and more data breaches are being reported to the Australian privacy watchdog, with the Office of the Australian Information Commissioner (OAIC) receiving 812 notifications in 2018 as part of its mandatory breach reporting regime.[i]
What is the cost of data security?
Data breaches bring the potential for significant reputational damage and resource costs, as the Australian Parliament found recently when its computing network suffered an “unfortunate” breach. In response, all user passwords were reset and a range of other unspecified security measures implemented to protect the network.
The incident follows other embarrassing security breaches for the federal government, including the darkweb sale of Medicare card details.
Reputational damage and IT costs aside, organisations also risk hefty penalties if they suffer a data breach. In March, the Morrison Government announced plans to increase the penalties levied for a privacy breach under the Privacy Act to 10% of a company’s turnover.[ii]
What can you do to protect sensitive data?
The latest OAIC quarterly report found close to two-thirds of all data breaches were attributable to malicious or criminal attacks, with a key attack vector being phishing. Most of the remaining 33% of breaches involved human error.[iii]
To reduce these vulnerabilities, healthcare practices need to invest in safe and secure digital health services and systems to improve health outcomes. Like all businesses, practices should patch and update software as soon as the option becomes available, encrypt all sensitive data and upgrade when software is no longer supported by the manufacturer.
Given the continuing success of phishing attacks, ongoing employee training on best security practices and ways to avoid socially engineered attacks is also essential.
As human error is responsible for many breaches, automating as many of your practice’s systems and processes as possible is helpful. Adding filters on emails and internet browsers helps prevent employees or practice principals accidentally clicking on malicious websites or emails.
The increasing use of centralised or cloud storage for key data has reduced the vulnerability of upgrading hardware however, many employees still save important data to their local hard drive.
Although robust security measures are vital in avoiding data breaches, there are many low tech ways practices can protect sensitive data. These include, for example:
- Encouraging employees to use company network drives for storage of information; and
- Discouraging the use of USB and portable drives, or the use of local drives on laptops and desktops, for personal or business data.
To learn more about how you can secure your practice’s data and solve your financial year-end cash flow and capital challenges, download the new Credabl whitepaper 4 reasons to buy equipment at EOFY today.
Did you enjoy reading this blog? Sign up to hear from us on a regular basis.
[i] https://www.computerworld.com.au/article/657296/more-than-800-data-breaches-reported-australian-privacy-watchdog-2018/ [ii] https://www.computerworld.com.au/article/659223/government-boost-fines-privacy-breaches [iii] https://www.computerworld.com.au/article/657296/more-than-800-data-breaches-reported-australian-privacy-watchdog-2018/