Cybersecurity in healthcare

By Krist Davood - November 28, 2017

From 22 February 2018, most organisations with a turnover above $3 million will fall within the scope of new Privacy Act measures requiring mandatory notification of cybersecurity breaches.

This applies to the healthcare sector too. The collision of healthcare and cyber can be a visceral experience unless proper planning and preparation are undertaken. Let’s illustrate with an example inspired by a true story.

Consider 27-year-old Olivia, who has been suffering from chronic heart disease. Olivia was being prepped for life-saving surgery when a cyber-attack occurred. The surgeons were unable to access critical systems, the operation was postponed, and Olivia was left waiting for her life-changing event.

With this in mind, healthcare executives would have three main concerns:

  1. Business Continuity
  2. Integrity of systems and data
  3. Privacy

From a cybersecurity perspective, Pitcher Partners recommend that five key artefacts should be in place and signed-off by the executive or the board:

  1. Crisis Management Blueprint
  2. Business Continuity Plan
  3. Encryption Policies
  4. Public Disclosure Plans
  5. Cybersecurity Dashboard, highlighting your compliance with regulatory requirements

As well as protecting against adverse patient outcomes such as Olivia's, these artefacts mitigate compliance risks in relation to the relevant Acts and regulations. These include the Privacy Act Amendments, the Victorian Protective Data Security Framework (VPDSF), the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the NIST SP 800-30 risk management framework.

Upcoming penalties of up to $1.7 million for companies, and up to $340,000 for individuals, mean directors will need to be prepared for the Privacy Amendment Act (Notifiable Data Breaches) 2017 if they are to avoid fines. These penalties do not include reparation costs for customers impacted by the breach.

If your organisation is concerned, please contact Pitcher Partners who can help you perform a Cybersecurity Health Check, a first step towards understanding your risk and evaluating your organisation’s ability to meet your obligations.

Krist Davood is a Principal Consultant in Pitcher Partners Consulting (PPC) and PPC’s Cybersecurity Lead.
