Cyber security and data privacy are increasingly important due to the digitisation of health information and the increasing sophistication of cyber activity.
During the COVID-19 pandemic, these threats increased significantly in line with a global rise in cyber-attacks, with much of the malicious activity focused on phishing attacks in an attempt to convince people to click on suspicious emails and attachments.
Our information and cyber security policy and practices are risk-based and focus on protecting the confidentiality, integrity, and the availability of our critical assets (people, systems, and processes).
Actions taken to strengthen cyber security include:
- Staff training on information and cyber security risks
- Prompt patching of internet-facing software, operating systems and devices
- Use of multi-factor authentication across remote access services
- A comprehensive risk response available for significant cyber breaches
- Critical infrastructure managed through a multinational ICT organisation with Defence strength capability
Awareness training is seen as a critical element of our strategy, with the Office of the Australian Information Commissioner (OAIC) reporting that at least 67% of breaches in Australia are caused by human error. Training has been tailored to be engaging and relevant to staff roles and will become a regular part of our education programs allowing knowledge, sentiment and engagement to be tracked.