In worrying news for Victorians, recent investigations by Victoria’s auditor-general revealed weaknesses in physical security as well as password management and user access controls across a number of the state’s health services.
The report which was released today states that; “Staff awareness of data security is low, which increases the likelihood of success of social engineering techniques such as phishing or tailgating into corporate areas where ICT infrastructure and servers may be located,”
Penetration testing of all 4 of Victoria’s health services, (Barwon Health (BH), the Royal Children’s Hospital (RCH), and the Royal Victorian Eye and Ear Hospital (RVEEH) revealed these weaknesses.
The report went on to say “The audited health services are not proactive enough, and do not take a whole-hospital approach to security that recognises that protecting patient data is not just a task for their IT staff,”
Whilst MFA swipe cards were already in place within one of the health services included in the audit, another indicated that the task of implementing MFA in the form of either swipe cards or access tokens for staff would be too difficult a task and that it had the potential to endanger patients in the event of a clinician being without access to the facility without their swipe or access device.
Fault does not always fall to better passwords and MFA implementation. In three agencies, the audit found devices that hadn’t been patched or didn’t have antivirus protection, and had unsecured network ports. Examples of a major malware exploit WannaCry successfully exploited systems that hadn’t applied available patches or were running versions of Windows that were no longer supported by Microsoft.
These vulnerabilities can be easily overcome by planning and effective training of staff.
Are you and your team still using old versions of Windows? Interested in Cyber Security training? After an audit on where you can improve your businesses Cyber Security protection? Contact us at email@example.com or on 1300 331 041 today.