The importance of cyber and data security – discover our ‘Top 4 Tips’

Cyber threats are feeling closer to home than ever before, with more than 150 countries targeted in the largest known virtual software attack in mid-May, which affected and held to ransom more than 200,000 individual systems.[1] The greatest impact has been seen in the United Kingdom, where the National Health Service was forced to cancel hospital operations, deter patients from presenting in E&T and divert ambulances from facilities struggling to cope, after computer access to patient files, scans and test results became frozen and inaccessible. General practices were forced to shut down when access to patient records was unobtainable and prescription of medicines was near impossible.[2]

In 2012, hackers undertook an attack on Miami Family Medical Centre, located on the Gold Coast, encrypting data and demanding $4,000 in ransom to release all systems. Although back-up disks and practice programs were corrupted, the functioning back-up system, which was not connected to the server, ensured all data was retrieved with no records stolen.[3]

Following the peak of this global attack, the Australian Federal Government has confirmed three private businesses have been affected, stressing the importance of information security on computer systems and maintenance of antivirus software to protect against likely future attacks.

The attack exploited a vulnerability in Microsoft Windows, compromising those systems which had not been upgraded after a repair patch was released in March of this year. The major issue highlighted by this occurrence is the limited understanding of IT infrastructure and security requirements by organisational staff.

For health care providers, computer systems play a central role in day-to-day activities within a practice setting and hold a wealth of personal and sensitive information regarding your patient population. With the looming threat of more cyberattacks set to occur in our digital world, this malicious incident indicates that now is the time to review your current computer security systems, backups and processes to ensure your practice is protected from a pending attack.

Understanding the significance of protecting computer and information security within health services and other office-based practices, the RACGP has developed a number of resources to support health providers in constantly improving their online security and managing the risk of losing sensitive data. Criterion 4.2.2 Information security, in the current RACGP Standards for general practices 4th edition, outlines a number of requirements, roles and responsibilities, systems and processes, and security methods to protect your computer systems and data.

If you’re unsure where to start, it is suggested that your team review your current level of computer and information security by utilising the RACGP’s ‘CISS Checklist’ available as part of the RACGP’s Digital Business Kits (KIT 3.1). By undertaking this exercise your team will be able to identify any areas of concern and therefore take immediate action.

The RACGP website also houses the second edition of the RACGP Computer and information security standards (CISS). CISS provides general practices with a framework for evaluating risks, and guidance and solutions to improve competency and capacity in computer and information security. This edition includes information to support GPs and your practice team with developing policies that relate to participation with Personally Controlled Electronic Health Records (PCEHR). The Computer and information security templates enable general practices to build a comprehensive suite of computer and information security policies and procedures. These documents and tools can be downloaded by visiting the RACGP website and searching for ‘CISS’.

To further support your practice, AGPAL and QIP’s IT team have identified the top 4 tips to start mitigating your risk when it comes to cyber-attacks and computer and data security.

For more information regarding your accreditation requirements or the topics outlined in this feature, please contact our AGPAL team call 1300 362 111 or email