Digital Health Cyber Security Centre
Established to support secure operation of national digital health systems, and protection for Australian personal health information that is stored and transacted through the Australian Digital Health Agency, the Digital Health Cyber Security Centre (Digital Health CSC) also aims to raise the security awareness and maturity across the Australian digital healthcare ecosystem.
Following the themes Partner. Secure. Inform. Respond. the Digital Health CSC provides a range of cyber security capabilities to support secure national digital health operations across Australia. This enables the Agency to monitor and assess the cyber threat, as it evolves. In addition, these capabilities will facilitate regular review and improvements to the Digital Health CSC approach.
Cyber Security Partnerships
Proactive cyber security information gathering
With the aim of maximising available resources and reducing duplication of effort, the Digital Health Cyber Security Centre is establishing partnerships with a range of national and international cyber security organisations, across government and the private sector. These partnerships will improve our knowledge of the cyber threat, and leverage shared expertise and material across organisations.
Information gained through these partnerships will be used to support the development of guidance materials and threat intelligence information for the digital health sector.
Securing Digital Health
Greater protection for national digital health systems and services
In working to provide greater protection for national digital health systems and services, the Digital Health Cyber Security Centre will leverage knowledge gained through industry partnerships to secure national digital health systems and services from the cyber security threat.
To achieve this, we’re implementing a range of measures to support secure management and use of national digital health services and systems. This includes operational security activities and a focus on incorporating security at the design stage for national digital health systems.
In addition, through provision of guidance materials, we will support secure operation of digital health systems across the health sector.
Cyber Security Incident Response
Effective incident response
As the system operator for a range of national digital health systems, the Digital Health Cyber Security Centre (Digital Health CSC) will take the lead in coordinating security incident response activities relating to national digital health systems or services operated by or for the Australian Digital Health Agency. The Digital Health CSC will work with other areas of the Agency to protect against the loss of confidentiality, integrity and availability of health information.
In the event of a significant cyber security incident, the Digital Health Cyber Security Centre will work closely with the Australian Cyber Security Centre (ACSC), which has responsibility for operational leadership of all crisis or major cyber security incidents impacting Australia and Australian interests. If the healthcare sector is impacted directly or indirectly by one of these incidents, the Digital Health CSC will assist the ACSC by working with them to coordinate the healthcare sector response.
Using our knowledge of the healthcare sector, together with established relationships across the sector, the Digital Health CSC will work with the Health Department’s Health Emergency Management Branch and the ACSC to prioritise organisations that need assistance.
Cyber Security Guidance
The Digital Health Cyber Security Centre is leveraging knowledge gained through partnerships with cyber security organisations to provide members of the digital healthcare ecosystem with information about cyber threats and mitigations.
A range of guidance materials will be developed over time and added to the list below.
Risk Mitigation Advice
- Ransomware (PDF, 189kB) – a briefing for senior managers (Word Doc version also available)
- Preventing and recovering from ransomware (PDF, 210kB) - information for IT staff (Word Doc version also available)
Additional information Sources
Additional guidance materials and information is available on the following websites: