Cyber Risks Realised

Don’t think it can’t happen to you – medical practices are being targeted by cyber scammers.

One morning, a specialist’s practice software would not open. Staff called the IT support team, who found that all network files had been encrypted and locked by a virus. An attempt to restore data from the backup server failed because that had also been locked. A ransom notice appeared, demanding payment in bitcoin in exchange for a decryption code. The specialist chose to pay the ransom, and the IT team recovered most of the data. A number of measures were taken to strengthen security and prevent a similar attack.

A medical and allied health practice was alerted by patients to emailed invoices purportedly from the practice, requesting payment be made into an account not known to the practice. This scam was an attempt to get money from the patients, but attacks like this could also involve links which upload viruses onto the email recipients’ computers.

There are a number of steps you can take to secure your data. Learn more about protecting your practice on MDA National’s website. Note that if patients’ privacy is breached, there are new legal requirements effective 22 February 2018 to notify patients and the Office of the Australian Information Commissioner. Only data breaches involving likely risk of serious harm to the individuals involved, need to be reported. If your management of the data breach means serious harm is no longer likely, the notification obligations under the legislation will not be required.