Health Sector and Cyber Risk

June 11, 2020

The Privacy Act 1988 imposes obligations on health practices for the safekeeping and privacy of health records, which include sensitive personal information about patients and their medical conditions.

The Australian government introduced the notifiable data breach scheme on 22nd February, 2018. Under this scheme, health practices can be penalised by the Privacy Commissioner for negligence in protecting sensitive information held by the medical practice. They must now notify individuals whose data has been compromised.

Combined with regulatory risk, malicious activity or human error involving IT systems can cause security events that lead to loss of critical data, system glitches and interruption to business operations, and result in loss of profit.

Investment in cyber security

Health practices must maintain their security posture and demonstrate investment in security initiatives such as firewalls, anti-virus, encryption, patch management and staff training. Cyber risk calls for risk management through a combination of elimination, mitigation and transfer mechanisms. Similarly, the increase in social engineering attacks puts the operational continuity of a health practice at risk, and as a result patients could find it hard to access the right treatment when required.

Cyber insurance 
  • Cyber insurance offsets operational, regulatory and financial costs associated with security incidents.
  • Cyber insurance offsets the cost of notification.
  • Cyber insurance provides incident response.
Cyber insurance – Coverage
  • Notification Costs / PR Expenses – expenses for notifying individuals and for the use of public relations firms and their fees
  • Regulatory Fines – payment for fines imposed by the Privacy Commissioner
  • Restoration costs related to data and systems – cost of restoring data and systems if they are made inaccessible after an incident
  • Cyber Response Team – clients are provided with a panel when they make a claim. This panel consists of a PR firm, a legal firm and a forensic firm, and is made available within 24 hours after an incident. The cost of this panel is borne by the insurance company.
IT considerations before acquiring cyber insurance 
  • The clinic must ensure it can demonstrate both financial and operational investment into cyber security tools such as firewalls, backups, processes and privacy policies
  • Consult your IT provider and request a comprehensive cyber security risk assessment
  • Ensure your staff are aware of what cyber security is and that they can demonstrate awareness of the risks associated with cyber crime
  • Consult your IT provider to ensure that your practice is compliant with the cyber insurance IT requirements
About:

Rend Tech Associates is one of Australia’s leading Healthcare IT firms focussing on cyber security, healthcare innovation and technology solutions supporting healthcare service delivery.

Cyber Data-Risk Managers is a recognised expert in the field of cyber insurance. Meena Wahi is the Director of the company. She speaks at conferences alongside CISOs, law firms and consulting firms on cyber risk.

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

Meena Wahi ABN: 34 161 961 422 AR Number: 438443

Written by

Meena Wahi