Cyber Security in Aged Care

As the aged care sector grows, so does the threat of cyber attack. 

The Australian aged care sector is becoming a popular target for cyber criminals seeking personal data, in particular highly valuable medical records. A number of organisations have had breaches over the last year, caused by increasingly complex malicious attacks, human error and system failures.  

From January to June 2021, 19% of all breaches reported to the Office of the Australian Information Commissioner (OAIC) were for the healthcare sector, which outstripped other sectors, including banking and insurance, as the most targeted overall. Of these breaches 91% targeted contact information, 55% involved identity information & 43% involved financial details.1 

For aged care providers these attacks can significantly impact the business in a number of different ways including:  

  • Financial loss due to ransomware, subsequent ongoing costs to retrieve data and to get information systems back online 
  • Disruption to operations including delivery of care and workforce rostering 
  • Prevention of the delivery of quality care to consumers 
  • The ability to satisfactorily meet the Quality Standards  
  • Reputational damage and a loss of confidence from stakeholders  

How can providers bolster cyber security in their organisations? 

Train the workforce to be cyber conscious: Ensuring that all staff across the business are educated on correct system use and basic threat detection is the first barrier of defence. With human error a key factor in many cyber-attacks, ensuring staff are aware of malicious links is crucial.  

Upgrading & continuously testing cyber security systems: There is a prevalence of legacy technologies in the aged care sector, which makes for an attractive and easier target for cyber criminals. Having a ransomware recovery and response plan is imperative, and testing its effectiveness is critical to ensure that it Is resilient to increasingly complex attacks.  

Engaging executives and board members: A successful cyber security plan requires buy in from both the board and senior leadership team, to obtain both investment for necessary systems and software but also to cement a security centred culture for the rest of the business.  

Develop a user access policy & implementation of identity management: Providers need to ensure that access to systems and information is regulated and that it is only given where relevant. The access for each member of the workforce also needs to be properly authenticated to prevent malicious actors from gaining access to the network.  

In February 2022, Forefront Events are hosting the Aged Care IT Summit, attend and hear from leading providers on how to bolster cyber security in your organisation. Click here for more information.