
Keeping your business safe with the ASD Essential Eight

What are the Essential Eight?

The Essential Eight is split into 3 categories:

  • Prevent malware delivery and execution
  • Limit the extent of cybersecurity incidents
  • Recover data and system availability

Cybersecurity can feel overwhelming to start with: it’s filled with jargon, and then there are the fearmongering headlines in the media. As part of our core values, we’re focused on security. We do everything to protect you, your reputation, your technology infrastructure, and your patients’ privacy from day one.

This focus means we have built our cyber-security and data recovery strategy around best practices, and our years of experience in the healthcare industry. We understand your exact requirements because we specialise in providing IT services to the healthcare industry.

As part of its commitment to cybersecurity, the Australian government has published the Essential Eight: eight recommended strategies to mitigate cybersecurity incidents. They are provided as a baseline model for businesses and should be customized based on each organisation’s risk profile. There are three maturity levels to the Essential 8, and Health IT works to ensure you satisfy level 1 and move towards level 3.

Where do you start?

That’s where Health IT comes in. We take a look at the entire health of your network and its perimeter.

What’s a perimeter?

Think of it like having an exuberant puppy in your backyard, and the neighbour’s children next door who always want to play with it. Your puppy wants to get out and explore, and the kids want to get in and play. You may have a gate on the driveway, but there are gaps that a small puppy can fit through. The kids can easily climb the fence because all they can see is the new puppy. If we break it down:

  • What are the changes you need to make to accommodate the new puppy, including training it? Prevention and preparation are a key part of any medical IT strategy, including training of employees on actions that can be taken in certain situations.
  • How many ways could the puppy get out of the yard? Your medical data is considered personally identifiable information (PII). If this leaves your perimeter, either intentionally or unintentionally, this is a problem.
  • What things could the puppy inadvertently damage? Accidental deletion of data happens. Human error also means files can be saved incorrectly over other files.
  • How many ways could the neighbour’s kids get into your yard? By neighbour, we really mean cybercriminals. Your data is valuable to them.

As part of our Essential 8 series, we’re going to focus on backing up your data. You may be familiar with the term ‘backup’. At its most basic level, this means having another copy of your data in case you ever need it. In the Essential 8, this is referred to as ‘recover data and system availability’.

Recover data and system availability (Maturity Model level 3)


The ASD Essential 8 recommendations are:

  • Backups of important information, software and configuration settings are performed at least daily.
  • Backups are stored offline, or online but in a non-rewritable and non-erasable manner.
  • Backups are stored for three months or greater.
  • Full restoration of backups is tested at least once when initially implemented and each time fundamental information technology infrastructure changes occur.
  • Partial restoration of backups is tested on a quarterly or more frequent basis.

How do we help you recover data and system availability?

Unfortunately, even with the best cyber-security strategy, humans will be human and make mistakes. And as the last couple of years have shown, natural disasters such as floods and bushfires do occur.

Specifically, in healthcare, we’re subject to much more rigorous data backup and recovery policies.

  • For patients under the age of 18 years, data must be stored until they reach the age of 25. So if you start providing treatment for a newborn, you’re obligated to keep this data for 25 years.
  • For patients over the age of 25, you’re required to keep this data for a minimum of 7 years.

Data corruption and serial retention are a greater responsibility in healthcare.

Healthcare is a long-term business. Whilst there may be a steady stream of regular patients, you may see the more ‘healthy’ ones only once every 6 months, or perhaps only once a year. When such a patient returns to your practice, they expect you to have their medical history on file and readily available.

With our partner StorageCraft, we provide high levels of backup for healthcare and medical practices. Data is backed up as often as hourly onsite, with an encrypted copy securely transmitted to an offsite location (in Australia) overnight. Data is stored with security and redundancy to satisfy the highest maturity level of the Essential 8. This means that you have on-site and off-site versions of your backup, providing you with complete peace of mind that in the event of a disaster you’ll be able to access and recover your data.

| ASD Essential 8 Recommendation | Health IT Service Level |
| --- | --- |
| Backups are performed DAILY | Backups are performed HOURLY during working hours |
| Backups are stored offline or online | 2 levels of redundancy through offline and online |
| Backups are stored for THREE months or longer | Backups are stored for ONE year for quick restore |
| Full restoration is tested at least ONCE | When installed and after any significant IT change |
| Partial restoration is tested QUARTERLY | Our systems report on backup success in real-time, and partial restoration is tested MONTHLY |

It’s not just all talk

As part of our disaster recovery service to you, Health IT makes sure that the backup and restore process actually works. The system is tested monthly, with a complete test restore undertaken after any significant system change, and also prior to GP accreditation. This is in line with the third maturity level of the Essential Eight. Importantly, our system reports to us in real-time. Our techs solve backup issues every day before they have a chance to impact our customers, and they send you a monthly report to keep you up to date and satisfy your compliance obligations.

In the event of accidental deletion of data, or loss of data through other means, our restoration process is tested, documented and regularly reviewed. This means that you can have emergency access to data in minutes, not days. We minimize your downtime, allowing you to continue to provide high levels of patient care at all times.


A fish tank light was the cause of a fire at the specialist suites in the local private hospital. Dr Purple (not her real name) had a full day of appointments booked but no access to her suite. Her server, which was inside the suite, was undamaged but had no networking or electricity.

Health IT was able to grant Dr Purple and her staff emergency access to her system, as it had been backed up the night before. We were able to do this in a short time, not the many hours or longer a lesser backup system would have required. She was able to securely access her data, contact her patients and operate from a temporary location using a laptop and a mobile phone.

While this was a stressful day for all involved, patient care and practice income were protected from the effects of this small-scale disaster, and normal operations resumed the following day.