Information security in general practice

Cybersecurity attacks and how to respond

Last revised: 21 Apr 2023

A cybersecurity incident is a malicious IT event that can involve an attempt to steal data, money or intellectual property, destroy data, or prevent computers or networks from operating.

Such an event can be devastating for a general practice. In addition to the very serious risk of compromising patient data and other sensitive information, it can lead to financial loss, reputational damage, possible legal liability, identity theft and potential for loss of access to critical business systems.

General practices are particularly vulnerable to cybersecurity incidents as they hold valuable data and can be seen as an easy target for cybercriminals.

The RACGP has created a fact sheet on responding to a cybersecurity incident to help GPs and practice staff understand:

  • signs of a cybersecurity incident
  • common types of incidents including phishing, malware and ransomware
  • how to prepare for and prevent a cybersecurity incident
  • how to respond to a cybersecurity incident and ransom demands
  • step-by-step information on what to do to limit the damage, resume clinical practice, and prevent future incidents.

Standards indicator

C6.4D Our practice has a business continuity and information recovery plan.

You must maintain up-to-date antivirus protection and hardware/software firewalls.

Please note, if using cloud-based systems, you must develop policies that ensure strong security features, and backups must be available. It is recommended that you test your cloud systems to ensure efficiency.


Create a policy: Protecting against malicious software

Your policy should specify monitoring procedures to detect malicious software and provide advice on what to do if malicious software is detected.

Your policy should cover:

  • the malicious software protection used and enabled on all practice computers
  • access to disable, bypass, or adjust the setting on malicious software protection
  • how updates of malicious software protection occur
  • the process for scanning all incoming email attachments
  • the process for scanning all documents imported into your practice information systems
  • how automatic data/signature file updates are managed
  • managing the ‘cookies’ feature in web browsers so it is turned off (although some legitimate software may need this turned on to function properly)
  • access to training for the practice team in malicious software prevention and how to report all incidents
  • automatic upgrades occurring on computers left running out of practice hours.


Useful resources

Have I Been Pwned (HIBP) - HIBP is a free resource that lets anyone check whether their email address or phone number is in a data breach. You can quickly assess whether your practice may have been put at risk because an online account was compromised or "pwned" in a data breach. Access the HIBP site