welcome to

The practice happy blog

Keep up to date with the latest updates & exciting news from the coreplus team.

Aug
1
Circle Author Overlay

Posted by Yianni Serpanos, August 1st, 2018

Well it’s been an interesting year for security & privacy in healthcare & health-tech.

We hear about it from well intentioned consultants/ advisers in advance, but it takes time for small businesses to react to things they know and understand, let alone things they don’t (e.g. cyber security & privacy as a culture).

We’ve been building a community of advisers at coreplus for some time and one of the key reasons is that we recognize how important it is for healthcare businesses to embrace knowledge, processes and systems that deal with the business side of things in a better way and specific to the laws of Australia.

I strongly encourage you to build a team of advisers around your business that represent skills/ capabilities that YOU don’t have or are not strong at.

Such skills could be book keeping, tax, cash-flow management, marketing, referral management amongst other things as well as security and/ or privacy.

This blog is focused on some recent statistics issued by the OIAC (Office of Australian Information Commissioner).

So let’s look at some insights:

Notifiable Data Breach: June Quarter 18: Executive Summary

 

Of the 242 notifications system faults where minimal and related to systems outside of the healthcare industry e.g. financial technology.

Key Insight: Security & Human Error represented the majority of breaches.

Let’s take a look in more detail:

Chart 1.1 — Number of data breaches reported under the Notifiable Data Breaches scheme by month — All sectors

chart1.1 – Number of data breaches reported: month by month since January 2018 under the Notifiable Data Breaches scheme.

 

Naturally there’s a trend upward given the scheme on recently came into play.

I would expect this to continue growing as more Australian’s become aware of the scheme and inform businesses they are interacting with that they have experienced a breach.

This of course is in addition to companies under the scheme self reporting when they become aware of breaches through internal processes.

Chart 1.2 — Number of individuals affected by data breaches in the quarter — All sectors

Number of individuals affected – All sectors.

 

This graph shows 63% of breach events affected small groups of less than 100 people.

Chart 1.3 — Kinds of personal information involved in data breaches by number of notifications — All sectors

NB: Data breaches may involve 1 or more kinds of personal information.

 

Although this graph shows 25% of breaches specifically related to health information as defined by section 6FA of the Privacy Act 1988 (Cth), other information is more prevalent when breaches have occurred e.g. contact, financial & identity.

Chart 1.4 — Malicious or criminal attack breakdown — All sectors

 

Malicious or criminal attacks were the largest source of data breaches this quarter, accounting for 59 per cent.

 

 

Ensuring you have tight security to the outside world is always good advice, but how do you deal with theft of paperwork or data storage devices?

Essentially this is a case for using products like coreplus where data is stored offsite, electronically and available to you as and when needed using secure log in credentials and two factor authentication (2FA).

Key Observation: If a breach is likely to occur, Client files stored in paper form or on portable hard drives/ pc’s most likely to result in theft and/ or cyber incident.

Here’s what cyber incidents looked like across the breaches reported:

Chart 1.7 — Cyber incident breakdown — All sectors

 

The majority of cyber incidents linked to credentials compromised.

 

These statistics really demonstrate that the security policies and cultural adoption of the policies within your practice can really make a difference.  Brute Force Attacks should be easy to protect against by using stronger passwords and password management.

If you want some guidance here, check out products like Dashlane or similar which do a great job in allowing you to apply long, complicated passwords without even having to remember them all.  This means you can make a real difference to the risks of being breached by having a unique password for everything you need a password for.  Feel free to contact our Customer Success Team for more information using your in-product direct messaging application.

I won’t bang on about it further as the report goes on into more and more detail.

If you have a further interest see the OAIC’s using the link provided.

I’m planning a further review of the Top 5 Sectors affected as Health service providers is Number 1 in terms of number of data breaches received and I’m interested in what we’ll take from those statistics.  Looking forward to sharing some more insights and responding to any thoughts/ comments you have.

 

Leave a Reply