Cybersecurity

Cybersecurity

As more of our lives and work move online, cybersecurity becomes ever more important. It’s a particularly pressing concern for our HealthyPractice members, given the sensitivity of the records they hold about their patients.

That’s why MAS is proud to support Cyber Smart Week (14-18 October) – an initiative organised by the New Zealand Government’s cybersecurity agency CERT NZ.

Cyber threats have been around for decades but they’re increasing in frequency and impact. In Q2 of 2019, CERT NZ received reports of almost 1,200 cyber incidents – a 21% increase on Q1 2019. Of those 1,200 incidents, 59% of the reports related to incidents targeting individuals.

The most common incident reported was some sort of scam or fraud, followed by phishing and credential harvesting attacks, with unauthorised access incidents coming in third.

It can be difficult to quantify the full impact of these incidents, but CERT NZ believes they caused around $6.5m in direct financial loss in Q2 2019, up from $2.2m in the same period last year.

Cyber Smart Week is a great time to check your online security and make sure you’re taking some simple steps to keep yourself and your patients’ records safe.

Change your passwords regularly

Put simply, you need strong passwords and you need to change them regularly. It might be convenient to use “password” for everything but you’re putting your patients’ information at severe risk. You should aim to change your passwords every few months, and it’s a good idea to use a combination of letters, numbers, and symbols in your password. As far as remembering your passwords, there are various password managers that will help you keep track of everything.

Make sure you stay on top of all the relevant software updates

The next job is to make sure your IT system is fully supported and that you keep up-to-date with any software updates that are issued. Not only do those updates improve the usability of your system, they also contain regular security upgrades to patch any flaws.

Use two-factor authentication

Two factor authentication (2FA) is a way of double-checking someone is who they say they are when they try to login to a system. So, as well as providing their username and password, they will often be asked to enter a special code that is texted to their phone. You can add 2FA to all sorts of things but it’s essential on systems like email or accounting software and databases holding patients’ records.

Update your default credentials

New IT products generally ship with a set of default credentials – passwords, administrator access rights and so on – to help users get set up. Once this set-up is done, you’re supposed to change these defaults to something unique to you but that doesn’t always happen. So it’s a good idea to check to see what sort of settings your hardware or software has, and if you see any of those defaults still in place, make sure you change them immediately.

These are a few basic tips to get you started but cybersecurity is something you need to take seriously, and it may be worth seeking professional advice, tailored to the needs of your practice.

Cyber threats are always evolving so it’s also something you need to check in on regularly, and make sure your staff receive regular training. For more general information on cybersecurity, check out the resources at www.cert.govt.nz.

Cyber insurance

If you’re worried about what might happen to your practice if you suffer a cyberattack, you might also want to think about cyber insurance. MAS has partnered with Delta Insurance and Frank Risk Management to provide cyber insurance for practices like yours. This insurance covers things like business interruption, data forensic expenses, IT consultation services, and public relations costs. When you take up this insurance, you also get a free cyber health check, with ongoing regular advice and technical guidance.

If you want to find out more, visit www.frankiemed.nz or call Frank Risk Management on 07 903 5000.