School of Computer and Information Science, Security Research Centre, Edith Cowan University, Perth, Western Australia
Australia is moving to a national e-health system with a high level of interconnectedness. The scenario for recovery of such a system, particularly once it is heavily relied upon, may be complex. Primary care medical practices are a fundamental part of the new e-health environment yet function as separate business entities within Australia’s healthcare system. Individually this means that recovery would be reliant on the self-sufficiency of each medical practice. However, the ability of these practices to individually and collectively recover is questionable. The current status of information security in primary care medical practices is compared to the needs of information security in a broader national e-health system. The potential issues that hamper recovery of a national system are the poor understanding of security at the end-user level currently, and the lack of central control. This means that in this environment where independence is promoted, the major concern is national coordination of recovery from a major incident. The resilience of a medical practice to cope with a cyber-security incident is important. Resuming normal activity within an acceptable time frame may be vital after a major attack on Australia’s infrastructure.