Cyber Security

If you or your business use digital technology, you’re at risk of a cyber-attack. Therefore, everyone has responsibility for cyber security.

The first steps are turning on automatic software updates, regularly backing up your devices, switching on multi-factor authentication, using passphrases, securing mobile devices, and watching out for cyber scams.

Consider what would happen if your information systems were to come under attack. Your patients’ personal and sensitive health information - and the reputation of your pharmacy – would be at risk. Your pharmacy’s access to critical business systems would be impacted, and your capacity to remain open would be compromised.

Cyber security is a big deal, and should never be an afterthought.  The resources available on this page provide a starting point so you can get prepared and be more cyber aware.

Securing your data under Australia’s privacy laws

As an APP entity, your pharmacy must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure (APP11). These steps are defined by the Office of Australian Information Commissioner (OAIC) as:

  • governance, culture and training
  • internal practices, procedures and systems
  • ICT security
  • access security
  • third party providers (including cloud computing)
  • data breaches
  • physical security
  • destruction and de-identification
  • standards.

Community pharmacy businesses must also protect personal information at all stages of the information lifecycle, being:

  • before collecting personal information (including whether information should be collected at all)
  • when information is collected and held, and
  • when it is destroyed or deidentified.

As a pharmacy business owner, understanding your cyber security responsibilities is critical. Putting in place the following basic protections will help you reduce your vulnerability to attack.

6 steps to prepare your pharmacy

Understand the risks and build awareness in your team

The 3 most important things your staff can do to be cyber secure:

Keep your software up to date

Use a password manager

Use a strong passphrase

Back up your data regularly

Don't fall prey to phishing attacks and scams

If you fall victim to ransomware, avoid paying the ransom

Where to find out more

Australian Digital Health Agency

The Australian Digital Health Agency has a cyber security centre dedicated to supporting health care professionals with their cyber security practices.

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) is the Australian Government’s lead agency in making Australia a more secure place to connect online.

Campaign Resources

For campaign resources including social media tiles, email banners, posters and more, visit the Cyber Security Awareness Month 2023 campaign page.

Page last updated on: 30 September 2022