WEAKNESSES in data security procedures used by hospitals have been exposed by the Victorian Auditor-General's Office (VAGO).
The VAGO Security of Patients' Hospital Data report, released last month, found the state's public health system was "highly vulnerable" to cyber-attacks, with hospital pharmacy information open to corruption.
"There are key weaknesses in health services' physical security, and in their logical security, which covers password management and other user access controls," the report found.
"Staff awareness of data security is low, which increases the likelihood of success of social engineering techniques such as phishing or tailgating into corporate areas where ICT infrastructure and servers may be located.
"We exploited these weaknesses in all four audited agencies and accessed patient data to demonstrate the significant and present risk to the security of patient data and hospital services.
"The audited health services are not proactive enough, and do not take a wholeofhospital approach to security that recognises that protecting patient data is not just a task for their IT staff."
The VAGO issued a series of recommendations urging the state's Department of Health and Human Services to review and expand cybersecurity controls, develop and deliver specialist training for health sector staff, and develop processes to monitor whether all third-party vendor comply with data security requirements.
The report also said clear service level expectations and security responsibilities need to be established for any new joint venture agreements for Rural Health Alliances and member health services.
The above article was sent to subscribers in Pharmacy Daily's issue from 14 Jun 19
To see the full newsletter, see the embedded issue below or CLICK HERE to download Pharmacy Daily from 14 Jun 19
