The Cybersecurity Threat to the Disability Sector

In 2022, the personal information of 9,800 NDIS participants and 67 service providers was leaked online after a software provider was hacked. The leaked information included Medicare numbers, tax file numbers (TFNs), medical records, prescriptions and mental health diagnoses, among other things. 

“It's really, really violating,” one of the affected participants told ABC News. “I may not like to think of myself as vulnerable… but I guess I am quite vulnerable, particularly living alone.”

Health service providers are regularly targeted by hackers in cybersecurity attacks, likely due to the sensitive nature of the data they hold. Data breaches can be devastating for victims, with the impact ranging from poor mental health to identity fraud.

However, it’s not just hackers that you need to be aware of. Cybersecurity breaches can also be caused by everyday human behaviour. Things like poor password choices or viewing client documents on the metro can soon lead to data leaks.

NDIS Providers’ Cybersecurity Obligations

As a disability support provider, you don’t just handle extremely sensitive data. You also rely on digital information sharing to provide at-home client services. This makes you particularly vulnerable to cybersecurity breaches.

The NDIA requires disability support providers to securely store participant data and have data destruction and disposal processes. The Information Management section of the Core Module of the Practice Standards states: 

“Documents are stored with appropriate use, access, transfer, storage, security, retrieval, retention, destruction and disposal processes relevant and proportionate to the scope and complexity of supports delivered.”

How NDIS Software Can Improve Your Cybersecurity

When it comes to building trust in the digital age, the importance of cybersecurity NDIS software cannot be overstated. NDIS software with rigorous compliance features will help you ensure cybersecurity through:

Secure Data Storage 

Where your data is stored is key to your cybersecurity. Look for software that encrypts your data and stores it in the Australian cloud. 

While no server is completely free from vulnerabilities, some have a better reputation for security than others. For example, an AWS (Amazon Web Services) server is widely recognised as offering excellent security. It’s the server of choice for Facebook, McDonalds and the BBC, in addition to many other global brands.

Secure Data Sharing 

Data sharing is a common point for cybersecurity breaches, but it is also necessary for providing disability support services. 

Software with a companion mobile app for support workers makes it easier to share participant data. It enables your team to view support plans and relevant medical details on the go, without needing to download personal data or access it on an unsecure site.

Ideally, your software will also come with a built-in portal for clients and their approved loved ones. This way you can securely share billing information and progress updates.

Limits on Who Can Access Personal Data 

While your support workers and admin team regularly need to access clients’ and employees’ personal data, this should only be done on an as-needed basis. When too many of your team have access to someone’s data, it is both a cybersecurity and privacy risk. 

The right software will help you control this by ensuring that support workers can only view participants’ details if they’re currently on their roster. 

Regular Software Updates

With hackers using increasingly sophisticated methods, software updates are critical to ensuring data security. Your NDIS software should be regularly updated, not just to add new features or update pricing limits, but to protect your data.

Cybersecurity Best Practices for Disability Support Providers

Data protection isn’t just about having secure software. It’s also about following the recommended cybersecurity best practices. Make sure you’re following these best practices:

Use Secure Passwords

Prompt staff to use secure passwords that aren’t used on any other website. Regularly remind them to check if their passwords have been leaked online and, if so, to update them.

Protect Against Viruses

Instal antivirus software on all company devices to protect against viruses and malware, including password stealers.

Hold Regular Staff Training

Provide regular staff training on patient privacy and security basics. This should include:

• Not checking client details in public places

• Not sharing participant information with friends or family members, even if it’s just a “harmless anecdote” about their workday

• Communicating via secure channels, such as your NDIS software’s mobile app

• Reporting lost and stolen devices to management

Plan for the Worst

And hope for the best. The right software and staff training will help keep your data secure. However, you also need a plan of action for if a cybersecurity breach does one day happen. 

Reacting quickly will enable you and your participants to limit the potential damage, for example, by changing passwords or alerting their banks. 

Secure Client Data Storage for Peace of Mind

No matter what digital tools you use to run your disability support provider business, cybersecurity should be a priority. You store a significant amount of clients' and support workers' personal data, from home addresses to health records. A cybersecurity breach could have severe consequences.

ShiftCare's NDIS software makes secure information sharing easy. All data is securely stored in an AWS server on the Australian cloud, and it can only be accessed via the ShiftCare mobile and web apps. Your team will have access to all the information they need to provide excellent disability support — and you won't have to worry about the wrong person accessing a client's details.

Take the stress out of cybersecurity. Try ShiftCare for free.