Skip to content
Department of Health logo

The Victorian Department of Health’s eHealth branch operates a cyber security assurance program for the health sector.

eHealth started its cyber security uplift program in 2016. The first public health sector-wide assessment was completed in 2017 and extended to registered community health services in 2018. The latest version of baseline cyber security controls helps health services and community health services to strengthen their ability to detect, protect and respond to the evolving cyber security threat environment.

Online assessment tools developed by eHealth in collaboration with VMIA include the following:

Health Sector Cyber Security Assessment

The Health Sector Cyber Security Assessment is a package of controls from the Australian Signals Directorate’s Essential Eight, the Center for Internet Security, the Australian Cyber Security Centre’s Information Security Manual and the National Institute of Standards and Technology. This package recognises the complementary nature of these frameworks and focuses on various cyber threats. Maturity levels for each control will provide an indication of an organisation’s cyber security maturity.

Medical Device Security Assessment

The Medical Device Security Assessment contains a subset of control strategies designed specifically for medical devices, mapped to the Health Sector Cyber Security Controls. It is a package of control strategies adapted from the Therapeutics Goods Administration’s Medical Device Cyber Security Guidance for large-scale service providers and security best practices for industrial control systems. Maturity levels for each control strategy provide an indication of an organisation’s cyber security maturity.

The cyber security assessments can help you:

  • Review and understand your organisation’s cyber security maturity
  • Make informed decisions about cyber security improvements
  • Take focused steps to protect your organisation from cyber attacks
  • Compare your organisation’s cyber maturity against other Victorian health services and community health services

Accessing the cyber security assessments

To access the assessments, enter your organisation’s name in full in the field below, then choose from the dropdown list. View our terms of use [PDF, 563KB].

You’ll be transferred to VMIA’s Self-Assessment Hub, which hosts the Health Sector Cyber Security Assessment and Medical Device Security Assessment.

User instructions

How will the assessment data be used?

  • eHealth will use the assessment data to:

    • Review strategy, program, policy, and funding guidelines to identify gaps, and opportunities for improvement
    • Understand and report on cyber security maturity across the Victorian public health services and community health services
    • Develop targeted capability and peer sharing programs to assist agencies to improve cyber security in priority areas

  • VMIA will use the assessment data to:

    • Develop insights to inform risk-based policy and continuous improvement across the Victorian Government by combining results from this assessment with the results of the Victorian Government Cyber Maturity Benchmark
    • Help clients make informed decisions about cyber risk management
    • Develop programs, products, and services to meet the needs of clients
    • Purchase cyber insurance for clients in the reinsurance market at a competitive price


  • Data generated through the assessment is securely stored. VMIA is bound by Victorian legislation and information management frameworks
  • VMIA and eHealth won’t share your identifiable data with third parties without your permission
  • VMIA won’t use the benchmark data to calculate individual insurance premiums

Want to know more?

If you’d like more information about any of eHealth's Cyber Security Assessment frameworks, email eHealth at

If you need help with VMIA’s Self-Assessment Hub, email