Cybersecurity
15 October 2019
Cybersecurity
As more of our lives and work move online, cybersecurity becomes ever more important. It’s a particularly pressing concern for our HealthyPractice members, given the sensitivity of the records they hold about their patients.
That’s why MAS is proud to support Cyber Smart Week (14-18 October) – an initiative organised by the New Zealand Government’s cybersecurity agency CERT NZ.
Cyber threats have been around for decades but they’re increasing in frequency and impact. In Q2 of 2019, CERT NZ received reports of almost 1,200 cyber incidents – a 21% increase on Q1 2019. Of those 1,200 incidents, 59% of the reports related to incidents targeting individuals.
The most common incident reported was some sort of scam or fraud, followed by phishing and credential harvesting attacks, with unauthorised access incidents coming in third.
It can be difficult to quantify the full impact of these incidents, but CERT NZ believes they caused around $6.5m in direct financial loss in Q2 2019, up from $2.2m in the same period last year.
Cyber Smart Week is a great time to check your online security and make sure you’re taking some simple steps to keep yourself and your patients’ records safe.
Change your passwords regularly
Put simply, you need strong passwords and you need to change them regularly. It might be convenient to use “password” for everything but you’re putting your patients’ information at severe risk. You should aim to change your passwords every few months, and it’s a good idea to use a combination of letters, numbers, and symbols in your password. As far as remembering your passwords, there are various password managers that will help you keep track of everything.
Make sure you stay on top of all the relevant software updates
The next job is to make sure your IT system is fully supported and that you keep up-to-date with any software updates that are issued. Not only do those updates improve the usability of your system, they also contain regular security upgrades to patch any flaws.
Use two-factor authentication
Two factor authentication (2FA) is a way of double-checking someone is who they say they are when they try to login to a system. So, as well as providing their username and password, they will often be asked to enter a special code that is texted to their phone. You can add 2FA to all sorts of things but it’s essential on systems like email or accounting software and databases holding patients’ records.
Update your default credentials
New IT products generally ship with a set of default credentials – passwords, administrator access rights and so on – to help users get set up. Once this set-up is done, you’re supposed to change these defaults to something unique to you but that doesn’t always happen. So it’s a good idea to check to see what sort of settings your hardware or software has, and if you see any of those defaults still in place, make sure you change them immediately.
These are a few basic tips to get you started but cybersecurity is something you need to take seriously, and it may be worth seeking professional advice, tailored to the needs of your practice.
Cyber threats are always evolving so it’s also something you need to check in on regularly, and make sure your staff receive regular training. For more general information on cybersecurity, check out the resources at www.cert.govt.nz.
Cyber insurance
If you’re worried about what might happen to your practice if you suffer a cyberattack, you might also want to think about cyber insurance. MAS has partnered with Delta Insurance and Frank Risk Management to provide cyber insurance for practices like yours. This insurance covers things like business interruption, data forensic expenses, IT consultation services, and public relations costs. When you take up this insurance, you also get a free cyber health check, with ongoing regular advice and technical guidance.
If you want to find out more, visit www.frankiemed.nz or call Frank Risk Management on 07 903 5000.
Other recent articles
5 February 2026
2026 Off to a Flying Start
As we lament the end of the holidays and ask ourselves where has summer gone?!, we’re also looking ahead to another busy year — particularly given the volume of legislative change expected in 2026 (more on this below). We’re pleased to welcome Emma Wasson to the Healthy Practice team, who joined us in January in the newly created role of HR Coordinator-Healthy Practice. Emma will be focused on supporting our HealthyPractice Advisers and strengthening the resources available to you. She’ll also be involved in developing our annual reports, including the staff-ratio and GP remuneration reports, due out early this year.
16 December 2025
Happy Holidays
As we approach the end of the calendar year, we’d like to thank our Subscribers and MAS Members for your continued support of the Healthy Practice service and team. It has certainly been another busy year. Throughout 2025, we’ve seen the matters coming through become increasingly complex and varied, alongside a noticeable increase in change activity across the health and practice sectors. This year has also brought change for us, with the retirement of the much-respected and one-of-a-kind Shaun Phelan and Fiona Mines, as well as broader change across MAS.
31 October 2025
Times they are changing… again!
We’re thrilled to introduce our new manager, Hayden Saunders. Hayden joined MAS in September 2022 and has been a key part of our internal People and Culture team, serving as Head of HR Business Partnering. He brings a deep well of expertise in HR and employment relations, nd is based at our corporate head office in Wellington alongside the rest of the team. Hayden is eager to dive into the diverse range of queries we receive and support the HealthyPractice community.
Join other practices already using HealthyPractice.
Register now