
Introduction


Cyber security in general practice

A cybersecurity incident can be devastating for a general practice. In addition to the very serious risk of compromising patient data and other sensitive information, it can lead to financial loss, reputational damage, possible legal liability, identity theft, and potential for loss of access to critical business systems. This guide will help practices prepare for and respond to a cybersecurity incident.

Malicious or criminal attacks accounted for over 68% of all notifiable data breaches in 2024 [1]. General practices are particularly vulnerable to cybersecurity incidents as they hold valuable data and can be seen as an easy target for cybercriminals [2].

As the digital healthcare landscape in Australia continues to evolve, so do the cyber security risks for general practice and the healthcare sector more broadly. Technologies are evolving rapidly, including digitally supported modes of care and platforms. This creates complexity around the secure and appropriate sharing of data with other health professionals, patients and medical researchers.

Practice owners who are responsible for the running of a general practice play a crucial role in cybersecurity by ensuring resources are allocated to actively prevent and manage cyber risks and by creating a culture of security awareness across the practice.

Tenant GPs and members of the practice team are vital in preventing cybersecurity attacks by following security policies, reporting suspicious activity and recognising potential threats.

Cybersecurity protection is crucial for general practices using My Health Record and other government services to safeguard sensitive patient information, ensure data integrity, and maintain operational efficiency. Robust cybersecurity measures help to ensure compliance with the legislation that governs the My Health Record system, including the My Health Records Act 2012 and the My Health Records Rule 2016.

According to reports from the OAIC, as shown in the table below, health service providers consistently report the highest number of data breaches compared to other sectors in Australia.


OAIC report: Top industry sectors to notify data breaches (July – December 2024)

Australian Government Office of the Australian Information Commissioner (2025). Notifiable Data Breaches Report. Accessed 5 August, 2025 [3].


The threat of cybercrime, which encompasses illegal activity conducted through computers, networks, or other digital systems, continues to grow in both scale and impact.

General practices are frequent targets of ransomware, phishing and other malicious attacks that can expose sensitive clinical and business data.

Establishing a culture of openness, supported by clear processes for reporting incidents promptly to practice management, is essential for minimising harm and maintaining trust.

References 
 

  1. Office of the Australian Information Commissioner. Notifiable Data Breaches Statistics Report: January to June 2024. Sydney: OAIC, 2024.
     Office of the Australian Information Commissioner. Notifiable Data Breaches Statistics Report: July to December 2024. Sydney: OAIC, 2025.
  2. Martin G, Martin P, Hankin C, Darzi A, Kinross J. Cybersecurity and healthcare: How safe are we? BMJ 2017;358:j3179.
  3. Australian Government Office of the Australian Information Commissioner (2025). Notifiable Data Breaches Report.