No room for cyber security oversight

Justin Fung LLB, B.S Partner, Head of Commercial & Corporate, Avant Law

Sunday, 16 October 2022

Computer screen showing that it has been 'hacked'

The recent Optus data breach, where millions of customers’ personal information was leaked, is a reminder for all businesses to remain vigilant when it comes to their cyber security and compliance protocols.

Failure to manage the risks can have costly consequences. Recently, a business was ordered to pay $750,000 to the Australian Securities and Investment Commission (ASIC) for breaching its licence obligations, after they had failed to adequately manage their cybersecurity risks.

Medical practice owners and managers will be expected to remain proactive about cybersecurity and ensure their systems and processes can appropriately respond to a cyberattack.

Why the heightened interest?

Protecting personal information continues to grow as an essential function of businesses everywhere, especially when it comes to sensitive information in sectors such as the health industry.

According to the World Economic Forum, cyber risk has been recognised as “the most immediate and financially material sustainability risk that organisations face today”. Cyber security attacks are becoming more sophisticated, particularly with high profile cyber security incidents taking place and coverage in the media.

It's a clear message from the corporate regulator: be prepared.

Ensuring compliance

According to ASIC, no business is too small for a cyber security strategy.

Medical practices are routinely collecting, storing, utilising and disclosing personal information. In light of the heightened attention and elaborate cyberattacks globally, it is good timing to look at your systems and processes and ask yourself:

  • Do you have appropriate cyber security risk management systems in place, and do they give you enough visibility of cyber risks so you can comply with your disclosure obligations?
  • Is there a way of testing and verifying the effectiveness of those risk management systems?
  • Are your current cyber security and IT systems adequate to store information securely and protect against third party infiltration?
  • Could you promptly identify any data breaches (actual or potential) and satisfy your reporting requirements?
  • Do your contracts with IT vendors protect your business by addressing and managing potential security breaches?
  • Do you have appropriate practice medical indemnity insurance cover in place to cover the legal costs of defending your practice and employees against unintentional breaches of privacy and confidentiality?

Hopefully you are confident the answer to each of these questions is ‘yes’.

Cyber risk is, however, an area that continues to evolve, and all businesses and their directors will need to be on a journey of continuous improvement when it comes to cyber security.

More information

If you have questions or would like more information about how these recent developments could affect your business, please call 1800 863 113. If you would like to organise a confidential discussion with our data protection and privacy law specialists at a time that suits you, please email us.

Avant Cyber Insurance has been designed to help protect medical practices against many of the common losses caused by a cyber incident. Cover is complimentary when you hold an Avant Practice Medical Indemnity Policy with no additional premium payable.

Call us on 1800 128 268 or email us at memberservices@avant.org.au to find out more about our cybersecurity coverage for medical practices.

Resources

  1. Press, Danielle. Cyber risk: Be prepared. 15 July 2022.
  2. Sarnek, Anna and Dolan, Cristina. Cybersecurity is an environmental, social and governance issue. Here’s why. 1 March 2022.

Disclaimers


IMPORTANT: This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.

To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation Avant acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Financial Services is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.


The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.