Cybersecurity

Cyber security is essential for every Aboriginal Community Controlled Health Service (ACCHS). It protects sensitive health information, builds community trust, and ensures safe, continuous care. Strong cyber security involves both technical safeguards and people-focused, culturally informed practices.

Common Cyber Threats to ACCHSs

1. Ransomware

Malicious software that locks systems and data until a ransom is paid.
Impact:

  • Loss of access to patient records
  • Service disruptions
  • Financial and reputational damage

2. Phishing & Social Engineering

Scam emails, texts or calls designed to trick staff into clicking harmful links, sharing passwords, or authorising fraudulent payments.
Impact:

  • System breaches
  • Malware installation
  • Financial loss

3. Malware (Viruses, Trojans, Spyware)

Software designed to damage, steal, or secretly monitor data.
Impact:

  • System instability
  • Patient data theft
  • Remote attacker access

4. Data Breaches

Unauthorized access or disclosure of patient information—whether accidental or deliberate.
Impact:

  • Serious loss of trust
  • Legal obligations under the Notifiable Data Breach scheme
  • Identity theft and patient harm

5. Supply Chain Attacks

Attackers target third-party vendors (e.g., IT providers, clinical software) to gain access to ACCHS systems.
Impact:

  • Breaches via external partners
  • Difficult investigations
  • Exposure of hosted patient data

Core Cyber Security Measures for ACCHSs

Risk Assessment

  • Regular reviews to identify cybersecurity risks unique to your service.

Access Control & Identity Management

  • Strong passwords and Multi-Factor Authentication (MFA)
  • Least-privilege access
  • Immediate removal of accounts for departing staff
  • Avoid responding to suspicious emails or links

Endpoint & Network Security

  • Updated antivirus and anti-malware protection
  • Secure Wi-Fi and network segmentation
  • Regular software and system patching
  • Firewalls and intrusion monitoring

Data Protection & Resilience

  • Encrypting data in transit and at rest
  • Regular, tested backups (including offline copies)
  • Minimising the amount of sensitive data stored

Staff Training and Cyber Security Awareness

Cybersecurity is a shared responsibility. Every staff member, whether clinical, administrative, or contracted, plays a role. For more details, refer to the Cyber security training and support page on the Australian Digital Health Agency website.

Training Options

The Australian Digital Health Agency provides free eLearning modules:

  • Digital Health Security Awareness
  • Secure Telehealth and Online Conferencing
  • Cyber Security for Remote and Home Working

Additional Supports

  • Custom cyber awareness webinars
  • Podcasts covering security and digital health topics

Cyber Security Alerts through the Agency and the Australian Cyber Security Centre (ACSC)

Subscribe to Digital Health Cyber Security Alerts to receive timely information about threats to digital health software and relevant cyberattack campaigns. Additionally, the Australian Cyber Security Centre (ACSC) offers a free service for Australian internet users, providing information on recent online threats and management strategies. You can sign up for ACSC alerts directly through their website.

Cyber Champions Network

ACCHSs can join the Cyber Champions Network, supporting peers to build strong cyber awareness and resilience across the healthcare sector.