Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
An audit of Queensland’s health sector has revealed a need to prevent malicious access to healthcare and patient data.
A report released today (15 January) following an audit of Queensland’s health sector has uncovered a looming cyber security threat that could lead to the leaking of health and patient data.
The Queensland Audit Office’s Health 2024 report covered the state’s Department of Health, 16 hospitals and health services, as well as 13 hospital foundations, four statutory bodies, and two “entities controlled by other health entities”.
While the report covered a range of issues, from staff shortages to delays in patients seeing doctors, the audit found several problems in information security in the Department of Health.
In fact, the number of control deficiencies found by the audit rose to 13, compared to the seven reported last year.
Six of the deficiencies relate to a failure to remove user access relating to terminated staff or unused accounts “in a timely manner”, while three are related to poor password controls.
Two deficiencies in security and monitoring controls were also found, as well as two instances of users having more access to data than their positions required.
“It is critical that the department addresses the weaknesses in its information systems controls,” the report said.
“In addition to its own systems, it is responsible for supporting the information technology needs of the 16 [hospital and health services]. The impact of a successful cyber attack on the hospitals could be major and wide-ranging.”
The report also noted that, according to the Australian Cyber Security Centre’s Annual Cyber Threat Report 2023–24, healthcare is in the top five sectors vulnerable to cyber security incidents.
The report also identified third-party access to health networks as an ongoing issue, which the Queensland Audit Office intends to address.
“We will examine how effectively the Queensland government identifies third parties with access to its data and networks, assesses related security vulnerabilities, establishes relevant controls, and minimises the impact of security breaches through these third parties,” the report said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
