This time last year, we posted an article highlighting the dangers of cybersecurity attacks in the healthcare industry, with some practical suggestions for minimising the risk of an attack on your practice through staff training and behaviour. As we approach October again, National Cybersecurity Awareness Month (NCSAM), we look at what has changed in the last year, and at the work our training team have done to help you introduce your staff to cybersecurity and develop your own practice policies in this critical space.
Healthcare Still The Prime Target
The Notifiable Data Breaches report from the Office of the Australian Information Commissioner (OAIC) for the second half of 2022 still lists Health Service Providers as the industry sector notifying the most data breaches.
With healthcare still the leader in data breach notifications, it is more important than ever to train your staff on cybersecurity concepts such as phishing (and now ‘smishing’), social engineering, password strength, and remote login, and to update your practice policies to reflect current best practice.
The Australian Competition and Consumer Commission’s 2023 report Targeting Scams also highlights some trends in scam-related contacts over the last year. The top contact method for scam attempts is now SMS text message, or ‘smishing’, where scammers impersonate a government agency, such as Medicare or the ATO, or a private company such as Amazon or the tolling company Linkt. The message carries a hyperlink to a scam site that asks the recipient to enter credentials, potentially giving the scammer access to bank account details or personal data.
With SMS a standard method of practice-patient communication, and healthcare a prime target for cybercriminals, cyberattacks by SMS will inevitably become more frequent. Both practices and patients will need education on how to spot a scam text message, just as they do for phishing emails.
Partnering With You Legal
To help guide your practice in forming its policies around key concepts and processes, Best Practice Software recently partnered with Sarah Bartholomeusz of You Legal to present a webinar titled Cybersecurity at Your Practice.
Sarah went through You Legal’s five-step process for preparing your practice for a cyberattack event, reducing the chances of an attack, and understanding the legal obligations that shape your response to an attack, including assessment, remedial action, and notification to the OAIC. This is critical information for any practice, given that practices are key targets of cybercriminal activity.
The webinar also included demonstrations of the Bp Premier features you can use to implement some of the strategies discussed in the first half, such as the backup schedule for disaster recovery, the comprehensive password management options now on offer, fine-tuning lockdown of the clinical record, and using the audit history tool as part of an incident assessment.
An Introductory eLearning Course For Your Practice
The Bp training team are proud to announce a free education resource for all of our practices, called Practicalities of Cybersecurity at Your Practices.
This is an introductory course that explains some of the terminology and concepts in cybersecurity that are relevant to medical practices. The course also introduces some best practices for staff training on cybersecurity, including how to spot a phishing email, what a social engineering phone call might sound like, and the importance of due diligence around third-party integrations.
We have provided plenty of up-to-date Australian government and peak body resources to help you start creating and updating your own practice policies on privacy and cybersecurity.
If you are interested in your staff undertaking this short eLearning course, you can email email@example.com for the link to get started!
Lead Content Developer at Best Practice Software