Protecting you from cyber risk

Cyber risk is a growing threat to medical practices, so it’s important you’re prepared. 

Our Cyber Risk Program is designed to protect your practice so you can keep on practicing. It includes:

  • Cyber Risk Resourcesfor Members and Practice Policyholders with access to resources by global cyber experts and cyber security education sessions.

  • Complimentary Cyber Risk Cover for MDA National Practice Indemnity Policyholders until 30 June 2021, including a 24-hour cyber crisis hotline and up to $100,000* cover in the aggregate against cyber-related privacy breaches, network security liability, media liability, cyber extortion, data loss, business interruption and incident responses. Click here to find out more.


Training staff to identify email scams

Medical practices need to be vigilant about cyber security, including staff use of email. A significant increase in deceptive email schemes relates to COVID-19 themed scams. These scams trick users into visiting fake websites or clicking on malicious links, allowing cyber criminals to steal information. 

Tips to give your practice staff include:

  • Be sceptical. If you receive an email containing hyperlinks or attachments, even from a trusted source, be wary of opening them. Definitely do not attempt to log in on any web page you are directed to
  • Be wary of timely unsolicited communications – scammers will look to exploit current events, like the pandemic, tax time, Christmas etc
  • As well as featuring official-looking logos and disclaimers, phishing emails typically include a ‘call to action’ to trick us into giving out sensitive personal information, from passwords to bank details
  • Be wary of unusual language or tone used in email. Look for bad grammar and spelling mistakes
  • Whale and Spear Phishing attacks are on the rise - these attacks will pose as trusted sources eg an email from the practice manager asking for more information in an attempt to trick you into divulging secrets or enabling financial fraud
  • Always double-check the email is from a trusted source, and not someone impersonating a trusted source
  • Look at the sender’s address - beware suspicious or misleading domain names
  • Do not provide sensitive information such as passwords over email
  • Never download applications or execute them on work computers
  • If you judge an email to be a scam, delete it and don’t respond
  • If you are unsure of the legitimacy of a message, contact the business it claims to be from separately to check if they are likely to have sent the message. Use contact details you find through
  • legitimate source, like the business’s official website, and not those contained in the suspicious message
  • If you suspect that you may have fallen victim to a phishing attempt, entered any personal information, or opened and downloaded any attachments from a suspicious email, contact your IT provider immediately, whose advice may include:
    • Disconnect your device
    • Change your passwords.


Stay Smart Online has a quiz to put your skills in spotting a scam email to the test.


*Cyber Enterprise Risk Management Insurance Policy is arranged by Jardine Lloyd Thompson Pty Limited (ABN 69 009 098 864, AFSL 226 827), underwritten by Chubb Insurance Australia Limited (ABN 23 001 642 020) and can be accessed by new and current MDA National Practice Policyholders until the earlier of 30/06/19 or their ceasing to hold a current MDA National Practice Indemnity Policy. The Cyber Enterprise Risk Management Insurance Policy terms, conditions, exclusions, limits and deductibles apply.

MDA National insurance products are underwritten by MDA National Insurance Pty Ltd (MDA National Insurance) ABN 56 058 271 417 AFS Licence No. 238073, a wholly owned subsidiary of MDA National Limited ABN 67 055 801 771. Before making a decision to buy or hold any products issued by MDA National Insurance, please consider your personal circumstances and read the Important Information and Policy Wording and the Supplementary Important Information and Endorsement to the Policy Wording available at