Coronavirus related cyber espionage
The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has advised that advanced persistent threat (APT) actors are targeting healthcare organisations and medical research facilities, seeking information and intellectual property about vaccine development, treatments, research and responses to the pandemic.
The ACSC assesses that Australian health or research sector and sectors could be at greater threat of being targeted and potentially compromised by ATP groups.  The USA  and UK  governments’ cyber security agencies have also published warnings.
How are attacks occurring?
Threat actors may use COVID-19 themed spear-phishing attacks, ransomware and brute force password attacks. ACSC advised that threat actors have compromised the email servers of health sector entities in Australia, which are then used to distribute COVID-19 phishing emails in an attempt to deploy malicious software, including ransomware, or to gain access to other targeted organisations.
Brute force (password spray) attacks use commonly-used passwords to guess user login credentials for webmail, remote desktop access or cloud-based services such as Office 365. Depending on the credentials and service, successful authentication can potentially lead to the actor gaining access to corporate emails, the corporate directory, global address books, remote desktop services or administrative access. 
What do I need to do?
How could this affect me?
Where can I get more information?
It is vital to let Services Australia know of changes to your practice as soon as possible. To add or remove General Practitioners to your Practice Incentives Program (PIP) use Health Professional Online Services (HPOS). You will need a PRODA account to access HPOS. For further information, click he...
Does your practice have an established security and access policy in place? Healthcare organisations must operate in accordance with relevant policies and legislation when participating in the My Health Record system. They must establish, review, update, maintain, enforce and promote policies that e...
Secure messaging is crucial for effective communication in healthcare. It enables safe and secure sharing of clinical documents and other vital information among healthcare providers, ensuring privacy and security of patient data. This capability allows for seamless interoperability and efficient tr...
There are three different summary documents which may be uploaded by healthcare providers to a patient’s My Health Record. Join this session to learn more about the differences between these documents and understand when and how to best upload them for your patients. The webinar will include a dem...