Information security guide to keep GP data safe

Jolyon Attwooll

14/10/2022 3:30:21 PM

Worried an Optus-style data breach could affect you? An updated information security resource is now available for general practice.

Cyber security threats are rapidly evolving, as the recent Optus data breach shows.

In case any reminder were needed about the importance of information security, along came the Optus data breach.
In a costly public relations disaster for the communications company, up to 9.7 million customers’ names, dates of birth, email addresses, driver’s licences, Medicare cards and passport numbers were potentially exposed by cyber attackers.
This month, to reflect the ever-evolving nature of information security risks, the RACGP has published an updated resource, designed to help protect the data of general practices, patients and staff.
Dr David Adam, a member of the RACGP Expert Committee – Practice Technology and Management, says the Optus leak shows to what extent sensitive data can be a liability as much as an asset.
‘It is a good reminder that we should only collect information that is essential for clinical purposes and to be very careful how it is shared, both internally and externally,’ he told newsGP.
According to Dr Adam, the updated resource is highly relevant for all practice owners, practice managers and IT contractors – and is likely to be valuable beyond that group too.
‘Anyone who is setting up a practice will find it essential reading before signing any contracts,’ he said.

‘It can also be useful for anyone who works with sensitive information in day-to-day practice – which is all GPs.’
The guidelines, released to tie in with Cyber Security Awareness Month, are closely based on the Essential Eight Maturity Model developed by the Australian Cyber Security Centre (ACSC), the Australian Government’s lead agency for cyber security.
Designed to protect Microsoft Windows-based internet-connected networks, the model was first published in June 2017 and is updated regularly. It is designed to guide the implementation of the ‘Essential Eight’ mitigation strategies, which the ACSC says ‘makes it much harder for adversaries to compromise systems’.
There is also additional information included in the RACGP resource about cyber security and cloud computing.

The information has been collated into an easy-to-access online guide designed to be a ‘one-stop-shop’ for GPs, covering the following three areas:

The guidelines aim to help general practices put in place robust information security protocols, protect clinical and practice data, manage ever-shifting cyber security risks, and keep to legal obligations.
Dr Adam said while cyber-attacks of the scale experienced by Optus are broadly not directed at general practice, following the resource guidelines should help GPs have some peace of mind about their practice’s data.
‘It’s unusual for general practices to be specifically targeted, with most incidents occurring either due to inadvertent disclosure or widely-dispersed hazard,’ he said.
‘Implementing the essential eight controls highlighted in the guide will provide a strong defence against being caught up in widespread malware campaigns.’
The updated Information security in general practice resource is available on the RACGP website.