Articles and Case Studies

What We Learnt About the Cybersecurity Elephant

29 May 2018

cyber elephant

For medical practices, cybersecurity generally feels like a very big elephant to confront – one that may be tempting to ignore.

According to Prof Patricia Williams, CISCO Chair and Professor of Digital Health Systems at Flinders University, it's definitely much better to adopt another pachyderm adage, "You eat an elephant one bite at a time".


It’s easy to feel scared by cybersecurity matters because:

  • cyber-attacks in the media are only a small fraction of those happening
  • they can affect patient safety and the financial bottom line
  • health providers account for a large proportion of data breaches in Australia and globally
  • for the ‘bad guys’, it’s simply a numbers game with what they send into cyberspace. They’ve got nothing against you personally, but they can make a lot of money interrupting your business or demonstrating they’ve got the sensitive information you hold.

MDA National’s How to Avoid Catching and Sharing IT Woes forum on 21 March 2018 included a Q&A panel session and talks by Prof Williams, Gae Nuttall (MDA National Risk Adviser) and Jonathan McCoy (Lawyer and Information Security Specialist). Held in Perth, the education session was moderated by Dr Jane Deacon (GP and Medico-legal Adviser), and over 50 Members and their practice staff attended.

Prof Williams broke the cybersecurity elephant down into a list of smaller bites for practices, including:

  • roles and responsibilities
  • managing systems access
  • internet and email use
  • backup
  • mobile electronic devices.

Gae Nuttall was particularly struck when Prof Williams said, “People aren’t the weakest link, they are the only link”. Cybersecurity isn’t a case of set-and-forget; people need to be constantly involved. “Trish’s comment made it clear how very important staff training is,” said Gae. “The whole team needs to understand their role in helping to prevent cyber problems.”

And something Gae stated about privacy policies especially resonated with participants. The most common theme in what people were going to do differently as a result of this forum related to the practice’s privacy policy. Having the legally required privacy policy establishes a culture and set of processes that help your workplace fulfil other responsibilities. “Your privacy policy must be clearly expressed, up to date and freely available,” Gae emphasised. “An appropriate privacy policy ensures that privacy compliance is included in the design and implementation of your information systems and practices. There are handy templates available to help.”

Another bite participants frequently said they would take up next because of what they learned was better planning for a data breach. Jonathan said people generally react to a cybersecurity incident “without due regard or logic”. So being prepared is vital. Have you genuinely tested your digital backup system? Do you know what your provider says they’ll do regarding your backup, and are they actually doing it?

Improving email use was another common actionable bite for attendees. Prof Williams gave a handy tip that if you’re archiving a moderate number of emails containing sensitive information, then each email can readily be individually encrypted.

Dr Deacon’s take home message was that cybersecurity has many different aspects: “It’s not one thing, and it’s important that we keep working on the various parts”. Find a piece and chew.

Resources and more information

Keep an eye out for our future cybersecurity education activities available nationally.


MDA National Education Services

Technology, Anaesthesia, Dermatology, Emergency Medicine, General Practice, Intensive Care Medicine, Obstetrics and Gynaecology, Ophthalmology, Pathology, Practice Manager Or Owner, Psychiatry, Radiology, Sports Medicine, Surgery, Physician, Geriatric Medicine, Cardiology, Plastic And Reconstructive Surgery, Radiation Oncology, Paediatrics, Independent Medical Assessor - IME


Doctors Let's Talk: Get Yourself A Fricking GP

Get yourself a fricking GP stat! is a conversation with Dr Lam, 2019 RACGP National General Practitioner of the Year, rural GP and GP Anesthetics trainee, that explores the importance of finding your own GP as a Junior Doctor.


25 Oct 2022

Systematic efforts to reduce harms due to prescribed opioids – webinar recording

Efforts are underway across the healthcare system to reduce harms caused by pharmaceutical opioids. This 43-min recording of a live webinar, delivered 11 March 2021, is an opportunity for prescribers to check, and potentially improve, their contribution to these endeavours. Hear from an expert panel about recent opioid reforms by the Therapeutic Goods Administration and changes to the Pharmaceutical Benefits Scheme. 

Diplomacy in a hierarchy: tips for approaching a difficult conversation

Have you found yourself wondering how to broach a tough topic of conversation? It can be challenging to effectively navigate a disagreement with a co-worker, especially if they're 'above' you; however, it's vital for positive team dynamics and safe patient care. In this recording of a live webinar you'll have the opportunity to learn from colleagues' experiences around difficult discussions and hear from a diverse panel moderated by Dr Kiely Kim (medico-legal adviser and general practitioner). Recorded live on 2 September 2020.