Ministry of Health update on cyber security events
The following is an update by Shayne Hunter, Deputy Director General, Data & Digital, Ministry of Health
Recent cyber security events are a timely reminder that the security and privacy of health information is paramount in our health and disability system.
The Ministry of Health has already communicated with a number of sector organisations regarding assurance of cyber security practices and further work is planned that will continue to "lift the bar" in terms of cyber security.
This will include:
1. The practices that health organisations are expected to conform to are encapsulated in the minimum requirements for digital, data and technology services that are published on the Ministry’s website. The Ministry intends to embed these requirements in contractual and other sector frame works and begin to monitor organisations against these requirements.
2. A review of sector cyber security maturity. This will include widening assurance efforts to include community and NGO providers.
3. A review of the Health Information Security Framework (HISF) to ensure that it balances good practice with practical implementation and other associated cyber security capabilities. The HISF forms part of the minimum requirements noted in the first point above (minimum requirements for digital, data and technology services).
4. In 2018 there was a review of the Connected Health network. A Connecting Health Security Matrix was published that describes the intended transition to an internet first connection model whilst mandating that appropriate security is in place. The Connected Health network, which is essentially a private network, will not exist in the long term. We recognise that while it does not fully meet the requirements of the Connecting Health Security Matrix and the HISF, it does provide a level of protection. For that reason the transition away from it will be gradual. The Ministry's own work programme to update or replace a number of its existing systems will actively support that transition.
The Ministry will be convening a meeting of sector CIOs and CISOs in November to update on the cyber work the Ministry is driving and to understand other sector activity that is underway or planned in relation to cyber.
For any enquiries regarding cyber security please contact the Ministry at digital firstname.lastname@example.org