Articles and Case Studies

Cyber Attacks: They Could Happen to You

27 Jun 2018

Hacker sits at computer with binary code in background

Argus software is used to send secure messages between GPs, specialists, hospitals and allied health practitioners.

It is used at about 3,500 sites by around 40,000 practitioners in Australia. According to Telstra Health who acquired and distributed Argus, these users trusted Argus to “securely communicate confidential patient information quickly and reliably, in-line with privacy standards".

However, according to Fairfax Media, hackers managed to gain access to a number of doctors’ computers via a flaw in the Argus software. Although it appeared that the medical records had not been improperly accessed or disclosed, a Fairfax source said the hackers used the exposed information to run scams such as dating or rental scams, and to anonymously purchase goods online using presumably stolen credit cards.

The incident highlights the need for medical practices to regularly update software and security systems.

Telstra Health has indicated that the vulnerability appears to have occurred in specific versions of Argus that had not been updated, and where remote desktop connections were open to unauthorised parties outside of their network. When Argus was installed it automatically created an extra Windows user account with a default password stored in a plaintext file, allowing hackers to login.

The Australian Digital Health Agency said that the vulnerability has been addressed with a security patch and customers have been provided with the steps necessary to ensure they have the basic security settings in place. 


MDA National’s Cyber Risk Program

Ransomware in health care is on the rise, and an increasing number of doctors and practices have been contacting us to discuss data intrusions into their practice computer systems. To help you be prepared, MDA National has recently launched its Cyber Risk Program – a collection of cyber risk initiatives:

  • Cyber Risk Education for MDA National Members and Practice Indemnity Policyholders which includes:

    • online access to case studies, articles and blogs by global cyber experts
    • quarterly cyber risk email updates to support you in mitigating cyber risk
    • cybersecurity education activities.

  • Complimentary Cyber Risk Cover for MDA National Practice Indemnity Policyholders until 30 June 2019 which includes:

    • 24-hour cyber crisis assistance
    • cover up to $100,000* in the aggregate against cyber-related privacy breaches, network security liability, media liability, cyber extortion, data loss, business interruption and incident responses.

For more information on cyber security, see MDA National’s Cyber Resources page.


 
*Cyber Enterprise Risk Management Insurance Policy is arranged by Jardine Lloyd Thompson Pty Limited (ABN 69 009 098 864, AFSL 226 827), underwritten by Chubb Insurance Australia Limited (ABN 23 001 642 020) and can be accessed by new and current MDA National Practice Indemnity Policyholders until the earlier of 30/06/19 or their ceasing to hold a current MDA National Practice Indemnity Policy. The Cyber Enterprise Risk Management Insurance Policy terms, conditions, exclusions, limits and deductibles apply.

General Practice, Practice Manager Or Owner
 

Library

How to Respond to a Complaint

Even a complaint that may seem trivial is important to the patient. MDA national Medico-legal Adviser and practicing GP, Dr Jane Deacon, discusses how to respond to a complaint.

Podcasts

11 Apr 2019

Top Tips and Medico-legal Mistakes Part 1

MDA National Executive Professional Services Manager and GP, Dr Sara Bird, explains how to be better prepared and avoid common medico-legal mistakes.

Podcasts

11 Apr 2019