left-nav lvl-1 (ESI) - Designs

Cyber Security

Cyber health check tool

This free assessment tool is designed to help your pharmacy improve its cyber security and takes less than 5 minutes to complete.

Start now

If you or your business use digital technology, you’re at risk of a cyber-attack. Therefore, everyone has responsibility for cyber security.

The first steps are turning on automatic software updates, regularly backing up your devices, switching on multi-factor authentication, using passphrases, securing mobile devices, and watching out for cyber scams.

Consider what would happen if your information systems were to come under attack. Your patients’ personal and sensitive health information - and the reputation of your pharmacy – would be at risk. Your pharmacy’s access to critical business systems would be impacted, and your capacity to remain open would be compromised.

Cyber security is a big deal, and should never be an afterthought.  The resources available on this page provide a starting point so you can get prepared and be more cyber aware.

Cyber incident management

Quick actions from cyber.org.au

If you think you've received a phishing email or text message but haven't clicked on it

  • If the phishing was via email, contact your email provider for advice on how to block future phishing emails.
  • If the phishing was via text message, report the attempt to your telecommunications provider. Visit the Australian Communications and Media Authority (ACMA) Phone scams page for more information.
  • If the phishing attempt was via a social media, report the attempt to the platform.
  • Report the scam via National Anti-Scam Centre - Scamwatch.
  • Visit our Emails and texts information page for more details on how to identify and report phishing attempts.
  • Run antivirus software or a security scan software on your devices to remove any malware.
  • For extra peace of mind, consider saving important files on an external storage device (such as a USB Thumb Drive or memory stick) and performing a factory reset of your device. Contact an IT professional if you are unsure how to do this.
  • Report the incident to us through ReportCyber.
  • Visit our Malware information page for details on how to identify, protect yourself and recover from malware.
  • Immediately report the transaction(s) to your bank or financial institution.
  • Change your online banking passwords to secure your online accounts. You may also need to close any unauthorised accounts that have been opened in your name. Refer to idcare.org for advice on securing your online accounts.
  • Contact your email, telecommunications or social media provider for advice on how to block future phishing attempts.
  • Report the incident to us through ReportCyber.
  • Contact your bank or financial institution to secure your financial accounts.
  • Contact any other services where the personal information could be used to access accounts. For example, the ATO or Services Australia.
  • Change the passwords to any accounts which may be accessed. This could include banking, superannuation, MyGov and email accounts.
  • Report the incident to us through ReportCyber.
  • Contact a credit reporting agency to see if any attempts have been made to open accounts in your name.
  • Contact your email, telecommunications or social media provider for advice on how to block future phishing attempts.
  • Refer to idcare.org for a list of checks to complete to minimise the effects of identity theft.
  • Australian Privacy Laws
  • Reducing the risk

Australian Privacy Laws

As an APP entity, your pharmacy must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure (APP11). These steps are defined by the Office of Australian Information Commissioner (OAIC) as:

  • governance, culture and training
  • internal practices, procedures and systems
  • ICT security
  • access security
  • third party providers (including cloud computing)
  • data breaches
  • physical security
  • destruction and de-identification
  • standards.

Community pharmacy businesses must also protect personal information at all stages of the information lifecycle, being:

  • before collecting personal information (including whether information should be collected at all)
  • when information is collected and held, and
  • when it is destroyed or deidentified.

Reducing the risk

As a pharmacy business owner, understanding your cyber security responsibilities is critical. Putting in place the following basic protections will help you reduce your vulnerability to attack.

6 steps to prepare your pharmacy

Understand the risks and build awareness in your team

The 3 most important things your staff can do to be cyber secure:

Keep your software up to date

Use a password manager

Use a strong passphrase

Back up your data regularly

Don't fall prey to phishing attacks and scams

If you fall victim to ransomware, avoid paying the ransom

Where to find out more

Australian Digital Health Agency

The Australian Digital Health Agency has a cyber security centre dedicated to supporting health care professionals with their cyber security practices.

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) is the Australian Government’s lead agency in making Australia a more secure place to connect online.

Campaign Resources

For campaign resources including social media tiles, email banners, posters and more, visit the Cyber Security Awareness Month 2023 campaign page.

Page last updated on: 22 October 2025
Back to top