Jan Thornborough
Speaker
Podcast Appearances
I looked at their website.
I couldn't actually see what kind of standards or security frameworks they are adhering to.
They made a mention of the fact that they send information overseas because it's saved in Microsoft Azure in Australia.
We'd hoped that they were up to standard, but you really have to ask them directly what security standard are they adhering to to actually get the full confidence that everything is robust and in places we need.
The cold hard reality is that no one is ever 100% protected.
So the government has the health information privacy code, which all health agencies need to adhere to.
They've also got a health information security framework that provides really useful advice for health agencies on how to get better protected.
But the reality is it costs money.
And you need skilled people to do this.
And we know the health sector often doesn't have enough money just to do the basic frontline stuff, let alone IT and security.
And also there's no actual checking.
So there's no mandatory obligation for them to prove that they've actually done the things that they're supposed to do.
Well, yeah, it's a problem everywhere.
It's not just isolated to the health sector.
People still do use the same password everywhere they go.
And in fact, hackers these days, they prefer to actually log in rather than break in.
So it's much easier for them to steal passwords, someone's credentials, and log in, and that way they can get into the system without being noticed.
We work with small to medium-sized businesses every day and we see appalling password practices everywhere we go, not just health.
It is really important.