{"id":174811,"date":"2026-01-05T20:57:00","date_gmt":"2026-01-06T01:57:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/05\/nsw-hospitals-exposed-to-cyber-attacks-information-age\/"},"modified":"2026-01-06T01:10:09","modified_gmt":"2026-01-06T06:10:09","slug":"nsw-hospitals-exposed-to-cyber-attacks-information-age","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/05\/nsw-hospitals-exposed-to-cyber-attacks-information-age\/","title":{"rendered":"NSW hospitals exposed to cyber attacks | Information Age"},"content":{"rendered":"<p><a href=\"https:\/\/ia.acs.org.au\/article\/2026\/nsw-hospitals-exposed-to-cyber-attacks.html\">NSW hospitals exposed to cyber attacks | Information Age<\/a><\/p>\n<p><a href=\"https:\/\/ia.acs.org.au\/article\/2026\/nsw-hospitals-exposed-to-cyber-attacks.html\">https:\/\/ia.acs.org.au\/article\/2026\/nsw-hospitals-exposed-to-cyber-attacks.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-05 20:57:00<\/a><\/p>\n<p>Source Domain: <a href=\"ia.acs.org.au\">ia.acs.org.au<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\t    NSW hospitals have not met minimum requirements for cyber preparedness since 2019. Photo: NSW Health<\/p>\n<p>\t    The poor management of cyber risks and a failure to meet minimum requirements is leaving NSW hospitals vulnerable to cyber attacks, according to a secret audit tabled in Parliament mid-last year and released publicly just before Christmas.<br \/>\nThe Audit Office of NSW handed a report on cybersecurity in Local Health Districts to the state government in July last year, but did not make it public until 19 December to give NSW Health time to respond to the important recommendations included in it.<br \/>\nThe audit found that NSW Health was not properly managing the cybersecurity risks in healthcare, and that hospitals and other healthcare providers were not prepared to respond to a cybersecurity attack.<br \/>\nIt found a systemic non-compliance with the state government\u2019s cybersecurity requirements, and regular non-compliance with cybersecurity controls by clinical health staff.<br \/>\n\u201cNSW Health is not effectively managing cybersecurity risks to clinical systems that support healthcare delivery in Local Health Districts,\u201d the audit stated<br \/>\n\u201cSystemic non-compliance with NSW government cybersecurity requirements, including maintaining adequate cybersecurity response plans, business continuity planning and disaster recovery for cybersecurity incidents, means that Local Health Districts could not demonstrate that they are prepared for, or resilient to, cyber threats.<br \/>\n\u201cThis exposes the risk that a preventable cybersecurity incident could disrupt access to healthcare services and compromise the security of sensitive patient information.\u201d<br \/>\nNSW Health Minister Ryan Park has been approached for comment.<\/p>\n<p>NSW Health Minister Ryan Park. Image: YouTube<\/p>\n<p>No adequate cyber planning<br \/>\nThere are 15 Local Health Districts in NSW that administer the state\u2019s hospitals and other health services.<br \/>\nThese districts generate, use and maintain huge amounts of highly sensitive personal and health data about patients.<br \/>\nFor the audit, the NSW Auditor-General scrutinised the cybersecurity practices of four Local Health Districts.<br \/>\nIt found that none had cybersecurity incident response plans that were fit-for-purpose, only one had a cybersecurity plan and only half had conducted desktop exercises to test cybersecurity incident response plans.<br \/>\nNo Local Health District had met the minimum requirements for cybersecurity as outlined by the state government since 2019, the audit found, meaning they were \u201cnot adequately prepared to respond effectively to cybersecurity incidents\u201d.<br \/>\n\u201cLocal Health Districts that do not have effective cybersecurity plans cannot articulate their approach to managing cybersecurity risks and are not adequately prepared to respond to and manage cybersecurity risks and incidents,&#8221; the audit said.<br \/>\nThe audit also found a \u201cnormalisation\u201d within the healthcare settings of non-compliance with cybersecurity controls, due to a \u201cperceived tension\u201d between the urgency of delivering health services and the importance of cybersecurity policies.<br \/>\nDuring the audit, a number of clinical staff were observed being non-compliant, even with multiple cybersecurity controls in place.<br \/>\n\u201cDespite known systemic non-compliance by clinical staff, the audited Local Health Districts have not assessed the effectiveness of the controls they have put in place, nor have they identified any alternatives that might balance the need for clinical urgency with effective cybersecurity practices,\u201d the audit said.<br \/>\n\u201cIn addition, they have not considered investing in alternative ICT solutions that better meet the needs of clinical staff while also addressing cybersecurity concerns.\u201d<br \/>\nThe inquiry also found that eHealth NSW had not clearly refined or communicated its own role and the expected roles of Local Health Districts when it came to cybersecurity, leading to confusion.<br \/>\nActing on the recommendations<br \/>\nThe Audit Office of NSW recommended that the state Ministry of Health collate and validate information on compliance with the NSW Cyber Security Policy and finalise and communicate cybersecurity roles and responsibilities within the NSW Health system, and that eHealth develop guidance on balancing the need to deliver clinical services while meeting cybersecurity requirements.<br \/>\nIt also recommended that all Local Health Districts design and implement a fit-for-purpose cybersecurity risk management framework.<br \/>\nSince receiving the report, NSW Health has established a taskforce and progressed action in response to these recommendations, the Audit Office of NSW said.<br \/>\nThere have been a number of high-profile hacks and data breaches involving health services in recent years.<br \/>\nIn 2022, major private health insurer Medibank fell victim to a major cyber data breach, with the highly sensitive personal information of 9.7 million individuals compromised and eventually posted on the dark web after a ransom payment was denied.<br \/>\nIn late 2023, St Vincent\u2019s Health Australia, the largest not-for-profit hospital in the country, suffered a cyber attack, and said there was evidence that some data had been taken from its network.<br \/>\nAnd in September last year, nearly 600 medical staff had their private data exposed after the NSW Health department mistakenly left confidential documents available publicly online. <\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NSW hospitals exposed to cyber attacks | Information Age https:\/\/ia.acs.org.au\/article\/2026\/nsw-hospitals-exposed-to-cyber-attacks.html Publish Date: 2026-01-05 20:57:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":174812,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ia.acs.org.au\/content\/dam\/ia\/article\/images\/2026\/NSW%20Health%20-%20nurse%20in%20hospital.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-174811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174811"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=174811"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174811\/revisions"}],"predecessor-version":[{"id":174813,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174811\/revisions\/174813"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/174812"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=174811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=174811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=174811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}