'Australians lost over $634 million to scams in 2019. This is a 30 per cent increase on 2018, when $489 million was reported lost.'1
While healthcare professionals generally have a good understanding of their obligations with regard to privacy and confidentiality of health information, there may be less understanding of why health data is so highly sought after by cyber criminals.
On the black market, health information is worth between 10 and 40 times more than a credit card number. However, unlike a credit card or bank account number, health information can’t have a ‘stop’ put on it and it can’t be changed. There is enough information in a health record for it to be used fraudulently by cyber criminals to impersonate individuals and organisations. The criminals subsequently use this information to set up credit cards, take out loans or drain bank accounts.2
There is a high probability that your healthcare organisation or your staff have been the target of a scam in 2020. In the majority of cases, the scam is delivered by phishing.
Phishing involves a malicious actor sending a message that appears to be from a legitimate source, to trick the receiver into revealing important information, such as log-in credentials.
'Data breaches reported by the healthcare sector show that 45% were the result of phishing attacks.'3
Take some time this Scams Awareness Week to make sure you and your staff are educated about the increased prevalence and sophistication of scams.
Understand how to protect your organisation and people’s identity by practicing secure behaviours when online. The Agency has a range of free resources, including an online Digital Health Security Awareness course for people who work in healthcare. These resources can help you to understand and manage your security risks.
Tips to protect yourself from these types of scams
- Think before you click on links or attachments in suspicious texts, social media messages or emails.
- Independently source contact details and website addresses, rather than using information in an email or online message. For example, to reach the myGov website type ‘my.gov.au’ into your browser yourself; and before paying an invoice call the supplier to confirm details (in case the email has been tampered with).
- Never respond to unsolicited messages or calls that ask for personal or financial details, even if they claim to be from a reputable organisation or government authority.
Learn more about Scams Awareness Week
Visit scamwatch.gov.au to learn more about Scams Awareness Week and the Agency’s Cyber Security webpage to access information including:
1. Australian Competition & Consumer Commission - 'Targeting scams 2019 report' https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity
2. Becker’s Health IT - 'Medical records 10x more valuable to hackers than credit card information' https://www.beckershospitalreview.com/healthcare-information-technology/medical-records-10x-more-valuable-to-hackers-than-credit-card-information.html
3. Office of the Australian Information Commissioner, data breach statistics - https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/
4. SC Magazine 22 July 2020 - 'COVID-19 accounts for most 2020 cyber attacks.'
5. Australian Taxation Office - Scam Alerts https://www.ato.gov.au/General/Online-services/Identity-security/Scam-alerts/ Latest alerts 'July 2020 SMS and email scams – verify your myGov details.' https://www.ato.gov.au/General/Online-services/Identity-security/Scam-alerts/#July2020SMSandemailscam