Victorian health services are increasingly using information and communications technology (ICT) to deliver healthcare, and to capture and store patient information.These digital records give clinicians access to patients’ information at the point of care and allow them to quickly share information and results. However, while digital records can improve patient care, a cybersecurity breach could have severe consequences for the health sector, resulting in stolen patient information or disabling ICT systems and preventing staff from accessing their patient’s information.
This audit assessed whether Victorian public health services' ICT security practices effectively protect patient data. We audited Barwon Health, the Royal Children’s Hospital, and the Royal Victorian Eye and Ear Hospital, and examined how two different areas in the Department of Health and Human Services (DHHS) support health services to identify and manage data security risks.
We made 14 recommendations for DHHS and Victorian public health services.