The Victorian Department of Health’s Digital Health branch operates a cyber security assurance program for the health sector.
Digital Health started its cyber security uplift program in 2016. The first public health sector-wide assessment was completed in 2017 and extended to registered community health services in 2018. The latest version of baseline cyber security controls help health services and community health services to strengthen their ability to detect, protect and respond to the evolving cyber security threat environment.
VMIA and Digital Health have collaborated to develop an online assessment tool.
Health sector cyber security assessment
The assessment is a package of controls from the Australian Signals Directorate’s Essential Eight, the Center for Internet Security, the Australian Cyber Security Centre’s Information Security Manual and the National Institute of Standards and Technology. This package recognises the complementary nature of these frameworks and focuses on various cyber threats. Maturity levels for each control will provide an indication of an organisation’s cyber security maturity.
The cyber security assessment can help you:
- Review and understand your organisation’s cyber security maturity
- Make informed decisions about cyber security improvements
- Take focused steps to protect your organisation from cyber attacks
- Compare your organisation’s cyber maturity against other Victorian health services and community health services
Accessing the health sector cyber security assessment
You’ll be transferred to VMIA’s self-assessment hub, which hosts the Health Sector Cyber Security Assessment.
VMIA Self-assessment hub user instructions
- User instructions [PDF, 1.41MB]
How will the assessment data be used?
Digital Health will use the assessment data to:
- Review strategy, program, policy, and funding guidelines to identify gaps, and opportunities for improvement
- Understand and report on cyber security maturity across the Victorian public health services and community health services
- Develop targeted capability and peer sharing programs to assist agencies to improve cyber security in priority areas
VMIA will use the assessment data to:
- Develop insights to inform risk-based policy and continuous improvement across the Victorian Government by combining results from this assessment with the results of the Victorian Government Cyber Maturity Benchmark
- Help clients make informed decisions about cyber risk management
- Develop programs, products, and services to meet the needs of clients
- Purchase cyber insurance for clients in the reinsurance market at a competitive price
- Data generated through the assessment is securely stored. VMIA is bound by Victorian legislation and information management frameworks
- VMIA and Digital Health won’t share your identifiable data with third parties without your permission
- VMIA won’t use the benchmark data to calculate individual insurance premiums
Want to know more?
If you’d like more information about any of Digital Health Cyber Security Assessment frameworks, email Digital Health at firstname.lastname@example.org or phone 1300 598 686.
If you need help with VMIA’s self-assessment hub, email email@example.com