Responding to a cyber incident

 

If your clinic fell victim to a cyber attack, how would you respond? The APA’s insurance partner BMS discusses cyber risks, guidance from the Australian Cyber Security Centre and the role of cyber liability insurance.

Physiotherapy clinics may be an attractive target for cybercrime, given how valuable patient data and personal health information are to cybercriminals. 

Healthcare and social assistance are the most targeted non-government sectors for cybercrime, according to the Annual Cyber Threat Report 2023–2024 from the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC).

But what are the costs of a cybercrime? 

The financial impact of a cyber incident is one risk to consider. 

Insights from ACSC’s 2023–24 report show that the average cost of a cyber incident was $49,600 for a small business, $62,800 for a medium-sized business and $63,600 for a large business. 

What contributes to the cost? 

You may have to pay for: 

  • system recovery
  • third-party regulatory defence and penalties
  • operational disruption
  • patient turnover—whether due to cancellations or loss of patient trust
  • PR and reputational management efforts. 

How can you respond? 

Being the victim of a cyber incident may be alarming, but having a plan could help mitigate the impact on your clinic. 

If a cyber incident occurs, here are some of the immediate steps the ACSC suggests to help reduce the overall impact of an incident:

  • disconnect your internet to cut off any further access to your devices
  • change your passwords
  • scan for any viruses and remove any malware that you’ve identified
  • notify others in your network to look out for potential links or email attachments that may be suspicious
  • report the incident via the ACSC’s report and recover page
  • contact your cyber liability insurance provider (if you have one). 

To read the full list of recommendations, visit the report and recover page of the ACSC website. If you face a cyber incident, be sure to contact your cyber liability insurance provider. 

They can provide the next steps on how to manage notification procedures, navigate the claims process and access additional support. 

If you have a cyber liability insurance policy with BMS, you’ll be supported throughout the claims process. 

This can include access to additional support from legal experts, computer security experts and IT forensics, who can help coordinate your claim and work with you through the process. 

Visit the BMS Portal or speak to BMS at apa@bmsgroup.com to learn more.

You must be a current Australian Physiotherapy Association (APA) member to be eligible to register for the APA Member Insurance program. You must be part of the APA Member Insurance program in order to access additional cover, which includes but is not limited to cyber insurance. If your membership ceases you will not be offered renewal when your policy expires. In offering this insurance to our members the APA is a distributor of BMS Risk Solutions Pty Ltd (BMS) AFSL 461594, ABN 45161187980. This insurance policy is arranged by BMS under a binder with Certain Underwriters at Lloyd’s. When acting under a binder BMS is acting as agent for the insurer and not as your agent. Any advice provided by BMS is general advice only and BMS has not considered whether it is suitable for your particular objectives, needs or financial situation. Please read the Policy Wording and BMS Terms of Engagement which contains the Financial Services Guide before making any decision about purchasing this policy. As a distributor, the APA may receive a percentage of the commission paid to BMS by the insurer and/or a fee per policy. The APA receives an annual payment from BMS which is used for insurance related marketing and professional development activities to support our members.
 

© Copyright 2026 by Australian Physiotherapy Association. All rights reserved.