“We can patch the systems, but we can’t patch humans”
Wellington GP and health IT columnist Richard Medlicott looks at what practices can do to avoid security breaches.
I always intended to write my third column on cybersecurity. The timing was coincidental with the recent incident at Pinnacle Midlands Health Network. At the time of writing, the extent of that particular breach is a bit unclear, but it does look fairly typical in the sense that it’s a large healthcare organisation which has had its defences breached. And there’s resulting anxiety for both patients and the network as to what data might have been copied or accessed and what may come next.
Fortunately, we’re not seeing a ransomware situation which must be incredibly difficult if you get caught up in that situation.
Hacking is a business, and like most businesses there’s a profit motive, systems and continuous quality improvement to how the scams work.
So what can you do?
There are a few things you can do. Firstly, I recommend having an external company that specialises in IT security do penetration testing on your systems. Tū Ora Compass PHO is subsidising this for practices in its region, and I hope to see other practices with us.