Safeguards for remote access

Where doctors provide telehealth from home, or work at multiple locations and access records remotely, good cyber security practices are vital. Practices should have a policy outlining the permitted use of devices, including the required behaviour from employees.

The ACSC recommends the following:

Train staff to beware of scams

Be alert for phishing emails. Be wary of opening messages and attachments or clicking on links from unknown senders. Exercise caution with requests for personal details, passwords or bank details – particularly if the message conveys a sense of urgency.

Never provide an unknown third party with remote access to your computer. If in doubt, delay any immediate action and re-establish communication later using contact methods you have sourced yourself.

Use strong and unique passphrases

Passphrases are harder to crack than passwords. They should be enabled on portable devices such as laptops, mobile phones and tablets. Use a variety of passphrases across multiple accounts.

Implement multifactor authentication

Multifactor authentication makes it much harder for unauthorised users to access your system. Biometric identification, e.g., fingerprint scan, provides an additional level of security.

Allow automatic updates on your devices and system

Software updates are often developed to address recently identified security issues.

Use a Virtual Private Network (VPN)

A VPN securely connects portable devices to a work network. Most practices will need an external IT service provider to set up a VPN and procedures for its use.

Use trusted Wi-Fi

Free wireless internet can expose your browsing activity to cybercriminals. Home internet or mobile internet service from a telecommunications provider is considered a trusted connection.

Secure devices when not in use

Don’t leave a device unattended. Lock your computer when not in use, even if it’s only for a short period of time.

Don’t lend laptops to children or other household members using your work profile or account.

If you share computers or devices with your household, maintain separate profiles so each person logs in with a unique username and passphrase.

Avoid using portable storage devices

When transporting work from the practice to home, portable storage devices like USB drives and SD cards are easily misplaced. And if access isn’t properly controlled, they can harm your computer systems with malware.

If you need to use them, protect them with encryption and passphrases. Cloud storage or collaboration solutions are considered more secure.

Subscribe to MDA National’s biannual Member publication, Defence Update, for the latest medico-legal updates, articles and case studies.

Subscribe now