Cybersecurity
15 October 2019
Cybersecurity
As more of our lives and work move online, cybersecurity becomes ever more important. It’s a particularly pressing concern for our HealthyPractice members, given the sensitivity of the records they hold about their patients.
That’s why MAS is proud to support Cyber Smart Week (14-18 October) – an initiative organised by the New Zealand Government’s cybersecurity agency CERT NZ.
Cyber threats have been around for decades but they’re increasing in frequency and impact. In Q2 of 2019, CERT NZ received reports of almost 1,200 cyber incidents – a 21% increase on Q1 2019. Of those 1,200 incidents, 59% of the reports related to incidents targeting individuals.
The most common incident reported was some sort of scam or fraud, followed by phishing and credential harvesting attacks, with unauthorised access incidents coming in third.
It can be difficult to quantify the full impact of these incidents, but CERT NZ believes they caused around $6.5m in direct financial loss in Q2 2019, up from $2.2m in the same period last year.
Cyber Smart Week is a great time to check your online security and make sure you’re taking some simple steps to keep yourself and your patients’ records safe.
Change your passwords regularly
Put simply, you need strong passwords and you need to change them regularly. It might be convenient to use “password” for everything but you’re putting your patients’ information at severe risk. You should aim to change your passwords every few months, and it’s a good idea to use a combination of letters, numbers, and symbols in your password. As far as remembering your passwords, there are various password managers that will help you keep track of everything.
Make sure you stay on top of all the relevant software updates
The next job is to make sure your IT system is fully supported and that you keep up-to-date with any software updates that are issued. Not only do those updates improve the usability of your system, they also contain regular security upgrades to patch any flaws.
Use two-factor authentication
Two factor authentication (2FA) is a way of double-checking someone is who they say they are when they try to login to a system. So, as well as providing their username and password, they will often be asked to enter a special code that is texted to their phone. You can add 2FA to all sorts of things but it’s essential on systems like email or accounting software and databases holding patients’ records.
Update your default credentials
New IT products generally ship with a set of default credentials – passwords, administrator access rights and so on – to help users get set up. Once this set-up is done, you’re supposed to change these defaults to something unique to you but that doesn’t always happen. So it’s a good idea to check to see what sort of settings your hardware or software has, and if you see any of those defaults still in place, make sure you change them immediately.
These are a few basic tips to get you started but cybersecurity is something you need to take seriously, and it may be worth seeking professional advice, tailored to the needs of your practice.
Cyber threats are always evolving so it’s also something you need to check in on regularly, and make sure your staff receive regular training. For more general information on cybersecurity, check out the resources at www.cert.govt.nz.
Cyber insurance
If you’re worried about what might happen to your practice if you suffer a cyberattack, you might also want to think about cyber insurance. MAS has partnered with Delta Insurance and Frank Risk Management to provide cyber insurance for practices like yours. This insurance covers things like business interruption, data forensic expenses, IT consultation services, and public relations costs. When you take up this insurance, you also get a free cyber health check, with ongoing regular advice and technical guidance.
If you want to find out more, visit www.frankiemed.nz or call Frank Risk Management on 07 903 5000.
Other recent articles
10 June 2026
Privacy updates and training
Due to recent changes, this month we wish to remind you of the update to the Privacy Act 2020 with a new principle called the Information Privacy Principle 3A (IPP3A). For practices’, the new principle means there are additional notification obligations when receiving personal information about a patient from a third party. Under IPP3A, if your practice receives patient information from another provider (such as a lab, hospital, specialist, pharmacy or ACC), you must take reasonable steps to let the patient know their information has been collected. This change applies to any information collected on or after 1st May 2026.
15 May 2026
Welcome Winter!
Winter is on the way, and with it usually comes the usual run of coughs, colds, and other bugs. Most practices will already have their usual measures in place but now is a good time to reinforce the basics and lead by example, particularly when it comes to staying home if you’re unwell. It is also a good time to check that expectations around leave, sick leave and wellbeing are clear heading into winter.
16 April 2026
Easing fuel and living-cost pressures, in practice
While we cannot control the wider economic environment, making clear, practical decisions in response to the current economic pressures can ease the load on our practice and our staff. Rising fuel prices and the broader cost-of-living pressure are not only having financial implications, they are also impacting how we feel about normal day-to-day ‘necessities’, which may be affecting stress levels and causing rising anxiety for some. It is important to focus on what we can change – how we can make small adjustments to support staff, reduce avoidable stress and keep the practice functioning well. own.
Join other practices already using HealthyPractice.
Register now