According to a report by the Auditor-General, Tasmania’s Health and Human Services department is at an “excessive risk of cyber attack”.
The Auditor-General office released an evaluation of four 2015 reviews that probed whether the security advice provided had been implemented or ignored.
The security of information and communications technology infrastructure of five state government departments was inspected in a report that was scheduled in March 2015.
Acting Auditor-General Ric De Santi said, “We concluded back then that there was an excessive risk in cyber security.”
The latest audit found out that even though other departments had made a lot of progress in implementing the recommendations of 2015 whereas the Department of Health and Human services was still lagging behind.
Mr. De Santi said, “We think after three years they could have made a bit more progress because, ultimately, the risk rests with them. They’ve taken what we call a piecemeal approach — it’s not a whole-of-agency approach. There are parts of the agency — certainly in some of the more sensitive areas — that they’ve got better control, but across the agency there are pockets that could improve.”
The latest report claimed that the department had 6 servers, 4 of which were in hospitals.
The report also claimed that the non-hospital servers have acceptable access controls, hazard protection and alarms however, “the same level of protection does not exist at the hospital sites”.
The report found that the DHHS’s progress in applying an ICT security and risk management plan was only at 5% as compared to Fire and Emergency Management and Treasure and the Department of Police which have achieved 100% implementation.
Mr. De Santi added saying, “here’s some improvement that could be done around password control and certainly in terms of recovery.”
Let us know your thoughts