Doctors urged to tackle rising cyber threats in healthcare

Medical clinics are being urged to protect their operations from escalating online threats, with some doctors expressing such serious concerns about cyber attacks that they would opt to revert to paper records.

With the health sector facing an unprecedented wave of attacks, healthcare leaders and Cyber Wardens have united to caution small clinics and practices of their vulnerability to cyber crime, comparable to that faced by larger entities like Medibank.

Ransomware and data breaches represent among the most significant dangers, with healthcare providers topping the list of sectors reporting notifiable data breaches to the Office of the Australian Information Commissioner in 2023. To combat this, small healthcare businesses can now enrol in the free Cyber Wardens program, which has been accredited for Continuous Professional Development (CPD) learning. This allows these businesses to meet their professional development requirements while enhancing their cyber security awareness.

Dr John Williams, President of the Australian Medical Association (SA), identified online crime as one of the most urgent issues for doctors and practice managers, especially for under-resourced clinics in regional and remote areas. He stated, "It is a huge concern. There is a lot of uncertainty about what should be done, what the risks are, and how to address those risks." Dr Williams, a general practitioner in rural South Australia, elaborated that many medical professionals are unprepared and lack the necessary digital literacy.

"As a profession, we need to deal with cyber threats head-on and have proper practices and procedures in place. It is a sleeper issue at the moment as our GPs are so busy, and many don't know how to deal with it—they are hoping it won't happen," Dr Williams said. Highlighting the stakes, the Australian Cyber Security Centre noted that cyber attacks threaten patient safety, the delivery of health services, and the supply of essential products to patients.

Dr Williams further noted that the rising risk in the sector has led to hesitation regarding electronic health records. "I know anecdotally that there is less uptake of electronic patient health records among specialists, as a lot of them see (paper records) as more secure. Unfortunately, that only slows the uptake of things that are potentially fantastic for our patients and the quality of care we can give. So it'd be a real pity to see cyber security concerns getting in the way of progress," he added.

In Australia, doctors are required to complete 50 hours of CPD annually across various activities. The Cyber Wardens program is formally accredited for one hour of CPD learning, applicable to medical practitioners, veterinarians, medical practice managers, and healthcare business owners. Luke Achterstraat, CEO of the Council of Small Business Organisations of Australia (COSBOA), referred to the CPD accreditation as a crucial step in protecting the industry.

"It's no longer just IT experts who are responsible for cyber security—it's critical that Aussie doctors and practice staff are trained in the basics to help fight attacks," Achterstraat asserted. "We don't want to see our health system end up on life support due to cyber criminals. We know from research that only a third of Australian healthcare organisations embed cyber security awareness and training in their organisational policies and procedures."

The Cyber Wardens initiative, a national effort led by COSBOA, is supported by the Australian Government and an industry alliance including Telstra, CommBank, and the Australian Cyber Security Centre, aimed at shielding Australia's 2.5 million small businesses from online threats.