The recent Optus data breach, where millions of customers’ personal information was leaked, is a reminder for all businesses to remain vigilant when it comes to their cyber security and compliance protocols.
Failure to manage the risks can have costly consequences. Recently, a business was ordered to pay $750,000 to the Australian Securities and Investments Commission (ASIC) for breaching its licence obligations, after it failed to adequately manage its cybersecurity risks.
Medical practice owners and managers will be expected to remain proactive about cybersecurity and ensure their systems and processes can appropriately respond to a cyberattack.
Why the heightened interest?
Protecting personal information continues to grow as an essential function of businesses everywhere, especially when it comes to sensitive information in sectors such as the health industry.
According to the World Economic Forum, cyber risk has been recognised as “the most immediate and financially material sustainability risk that organisations face today”. Cyber security attacks are becoming more sophisticated, with high-profile incidents taking place and receiving coverage in the media.
It's a clear message from the corporate regulator: be prepared.
According to ASIC, no business is too small for a cyber security strategy.
Medical practices routinely collect, store, use and disclose personal information. In light of the heightened attention and elaborate cyberattacks globally, it is a good time to look at your systems and processes and ask yourself:
- Do you have appropriate cyber security risk management systems in place, and do they give you enough visibility of cyber risks so you can comply with your disclosure obligations?
- Is there a way of testing and verifying the effectiveness of those risk management systems?
- Are your current cyber security and IT systems adequate to store information securely and protect against third party infiltration?
- Could you promptly identify any data breaches (actual or potential) and satisfy your reporting requirements?
- Do your contracts with IT vendors protect your business by addressing and managing potential security breaches?
- Do you have appropriate practice medical indemnity insurance cover in place to cover the legal costs of defending your practice and employees against unintentional breaches of privacy and confidentiality?
Hopefully you are confident the answer to each of these questions is ‘yes’.
Cyber risk is, however, an area that continues to evolve, and all businesses and their directors will need to be on a journey of continuous improvement when it comes to cyber security.
If you have questions or would like more information about how these recent developments could affect your business, please call 1800 863 113. If you would like to organise a confidential discussion with our data protection and privacy law specialists at a time that suits you, please email us.
Avant Cyber Insurance has been designed to help protect medical practices against many of the common losses caused by a cyber incident. Cover is complimentary when you hold an Avant Practice Medical Indemnity Policy with no additional premium payable.
Call us on 1800 128 268 or email us at email@example.com to find out more about our cybersecurity coverage for medical practices.
Press, Danielle. Cyber risk: Be prepared. 15 July 2022.
Sarnek, Anna and Dolan, Cristina. Cybersecurity is an environmental, social and governance issue. Here’s why. 1 March 2022.