New data rules for the health sector as phishing attack hits home
The Ministry of Health has issued new guidelines around the treatment of personal data the same week as Capital and Coast District Health Board is caught out by a phishing scam.
The "Digital, data and technology services - minimum requirements" guidelines set out the ministry's expectations regarding minimum capability for digital services, and security is at the forefront.
"All new digital services and the data they collect and hold must be conformant, and in some cases compliant, with Ministry of Health published HISO standards, roadmaps and architecture guidelines and integrate with Ministry of Health mandated national digital services (such as the National Health Index)."
Services should be "integrated to support a consistent, and where possible seamless, user experience and avoid unnecessary duplication of data and functions" and the use of cloud delivery should be "considered" for all services rather than locally hosted or managed technology.
Meanwhile, Capital and Coast DHB is mopping up after a phishing scam caught out a staff member and resulted in thousands of fake emails being sent from their email account.
"This incident was a case of human - rather than system - error, and we remain confident in the robust security measures and protocols that protect our systems and data," said chief digital officer Tracy Voice in a written statement.
"As a precaution, however, we have further enhanced our security measures and protocols. We will also strengthen our regular education for staff about these sorts of attacks and how to remain safe while using email and the internet."
No customer data was exposed by the attack, says the DHB.
Anyone who receives an email from a CCDHB email address should phone to verify its authenticity, says the DHB.