Data security: it’s on everyone’s agenda. Beyond the recent Cambridge Analytica whistleblowing scandal, Australian businesses have felt the impacts of data breaches multiple times over the past few years.
One of the most high-profile of these, the WannaCry ransomware attack, put Australia’s healthcare sector in the limelight, as healthcare sectors around the world were targeted. With so much sensitive information stored in any healthcare facility’s databases, it’s absolutely critical to protect patients with high-level security measures.
As a starting point, the Australian Signals Directorate’s (ASD) Essential Eight can establish a foundation of good security principles in your organisation. Has your journey begun?
The Essential Eight: A summary
The Essential Eight is a set of eight strategies prepared by the ASD to help any organisation prevent malware execution, limit the extent to which it can cause harm, and recover information should it be lost. Specifically, Australian medical practitioners can:
1) Whitelist applications
This creates a set list of apps that can run on your system, preventing unauthorised malware from accessing your data.
2) and 3) Constantly patch applications and operating systems
Updates and patches are more than improvements – they are, in essence, a signpost for hackers that developers found a weakness in the existing code. By patching as soon as possible, you prevent malicious entities from taking advantage of those weaknesses.
4) Harden your applications
This means actions like blocking Flash and advertisements from running. These are popular vehicles for malware delivery, and can easily trick inexperienced users.
5) Block macros from the internet
As the ASD notes, Microsoft Office macros are another popular point of entry for malware. By limiting macro execution to those from locations you trust, you can prevent malware from executing.
6) Restrict administrative privileges
Who in your organisation has access to change network settings or view sensitive data? The fewer, the better – if one malicious entity can hijack a user with admin access, all of your records could be compromised.
7) Implement multi-factor authentication (MFA)
This prevents the disclosure of one password from compromising your entire network. Use MFA for any actions involving sensitive data or your network / system settings – it can be a tedious extra step, but will always be worth it.
8) Back up everything
Configuration settings, critical patient data, any personal information and all software and apps should be stored offline (and ideally offsite). That way, in the event of a data breach, you have a safe repository from which all information can be restored.
How the Essential Eight helps healthcare in Australia
Australian healthcare organisations deal with more personal information than most other industries. Patient records, financial information and confidential data absolutely must be protected at all times. This goes beyond patient obligations and good sense – under the Notifiable Data Breaches scheme, there can also be significant penalties if you fail to report breaches correctly.
As with most ailments, prevention is the best cure. If you want to find out more about improving your healthcare facility – whether through improved tech or better design – contact the team at Space for Health.