
Cyber Scams: Is Your Practice at Risk?

09 Jul 2018


We often hear about cyber scams and think, “That won’t ever happen to me or my business”.

We tend to believe we would never fall for a suspicious email asking us to submit passwords or click on fake links.

However, it’s important to be aware that cyber risk is a serious issue for Australian medical practices, particularly given the use of electronic health records. Scammers are becoming increasingly sophisticated, and fraudulent activity can be harder to spot.

Case study

The following case study is based on actual medico-legal matters (details have been anonymised to protect the privacy of the parties involved):

One morning, a specialist’s practice software would not open. Staff called the IT support team, who found that all network files had been encrypted and locked by a virus. An attempt to restore data from the backup server failed because that had also been locked. A ransom notice appeared, demanding payment in exchange for a decryption code. The specialist chose to pay the ransom, and the IT team recovered most of the data. A number of measures were taken to strengthen security and prevent a similar attack.

Breaches of patient privacy

Note that if patients’ or other individuals’ privacy is breached, there are now legal requirements to notify patients and the Office of the Australian Information Commissioner.

Only data breaches involving likely risk of serious harm to the individual or individuals whose data is affected need to be reported. If your timely management of the data breach means serious harm is no longer likely, the notification obligations under the legislation may not take effect.

Taking measures to secure your data

The good news is there are a number of steps you can actively take to secure your data. MDA National aims to make preparing yourself, your practice staff, and your practice easier with our new Cyber Risk Program. The program incorporates:

  • Complimentary Cyber Risk Cover for MDA National Practice Indemnity Policyholders until 30 June 2019, which includes:
    • 24-hour cyber crisis assistance
    • cover up to $100,000* in the aggregate against cyber-related privacy breaches, network security liability, media liability, cyber extortion, data loss, business interruption and incident responses.
  • Cyber Risk Education for MDA National Members and Practice Indemnity Policyholders, which includes:
    • online access to case studies, articles and blogs by global cyber experts
    • quarterly cyber risk email updates to support you in mitigating cyber risk
    • cybersecurity education activities.

For more information on cyber security, see MDA National’s Cyber Resources page.

*Cyber Enterprise Risk Management Insurance Policy is arranged by Jardine Lloyd Thompson Pty Limited (ABN 69 009 098 864, AFSL 226 827), underwritten by Chubb Insurance Australia Limited (ABN 23 001 642 020) and can be accessed by new and current MDA National Practice Policyholders until the earlier of 30/06/19 or their ceasing to hold a current MDA National Practice Indemnity Policy. The Cyber Enterprise Risk Management Insurance Policy terms, conditions, exclusions, limits and deductibles apply.
