Cyber threats, cost blowouts: $969 million health overhaul facing rocky start
A huge project modernising the medical records of NSW patients has received a fail mark on its cybersecurity just months before it is due to be rolled out.
- Exclusive
- National
- NSW
- Cyber security
A billion-dollar project to streamline the online medical records of NSW patients has received a fail mark on its cybersecurity measures just months before it is due to be rolled out.
The NSW government is spending a minimum $969 million on consolidating the state’s fragmented and outdated IT platforms into one secure and universal system called the Single Digital Patient Record.
The NSW government will consolidate the state’s fragmented and outdated IT platforms into one secure system called the Single Digital Patient Record. Credit: Aresna Villanueva
But a leaked review, seen by this masthead, found the authority charged with its implementation was lagging other government agencies in its readiness to prevent and respond to cyber threats.
The authority scored 1.66 out of a possible 3 on its cyber risk management, well below the score of 2 considered the minimum benchmark for all NSW government agencies.
The agency was marked on the “essential eight” cyber management strategies developed by the Australian Signals Directorate, which oversees the nation’s efforts to improve cybersecurity.
The review noted the authority had improved its security management systems in the areas of governance, training, incident response, and business continuity. But it found “relatively low adoption” of protection capabilities, software management, secure configuration, account monitoring, and recovery practices.
The system is set to go live in the Hunter New England Local Health District and Justice Health in March – the first of five stages in a three-year roll-out.
Northern Sydney, Central Coast, Mid North Coast and Northern NSW health districts will be the next to transition to the software in late 2026. All other health districts, including the Sydney Children’s Hospital Network, will use the system by mid-2028.
A NSW Health spokesman said the system would undergo a series of rigorous cybersecurity assessments before it goes live.
Loading
“We are continuously strengthening these measures to ensure a proactive, resilient approach to emerging risks in this quickly evolving landscape,” he said.