Australian dermatologists have been urged to boost training and tighten data protection following a national survey.
A survey of cybersecurity and data protection practices among Australian dermatologists has revealed significant gaps in training, awareness and secure technology use.
The survey, conducted during the Australasian College of Dermatologists’ Annual Scientific Meeting in May 2024 and circulated electronically to fellows and trainees, gathered responses from 108 dermatology consultants and registrars.
The findings were published this month in the Australasian Journal of Dermatology.
“Ongoing education, training and regular review of cybersecurity and data protection policies are essential in today’s digital healthcare landscape,” the authors wrote.
“Dermatology is particularly vulnerable due to its reliance on high-resolution clinical imaging, which often includes personally identifiable and clinically sensitive visual data.”
Participants were asked about their use of electronic medical records (EMRs), backup practices, telehealth platforms, password protocols and cybersecurity training.
While most respondents reported using electronic medical records supported by secure logins and regular backups, the results highlighted inconsistent practices across the profession.
Some dermatologists reported they continued to rely on paper records or hybrid systems, and relatively few employ a designated data protection officer.
Less than half of participants reported using secure telehealth platforms on work computers, and awareness of patient consent requirements for telehealth and data sharing varied considerably.
About one-third of respondents were unaware of the security features protecting their remote access to electronic records, suggesting gaps in both training and infrastructure.
The researchers said the digital transformation of healthcare businesses had led to increasing vulnerabilities to cyber threats.
“Cybersecurity incidents can have serious repercussions, including medicolegal consequences, reputational damage and financial losses,” they wrote.
“Our survey shows a substantial gap in the employment of a data protection officer and awareness of patient consenting policies, which points towards an area of improvement.
“Although most participants utilise electronic medical records (EMR) for documentation of patients’ data, some participants only use paper-based records or a combination of both.
“Reassuringly, the majority of participants reported using systems that include regular either onsite, offsite or cloud-based backups of their EMRs and secure access via unique user credentials.”
They noted there was a disparity in cybersecurity awareness and education among dermatology fellows and trainees, particularly in cybersecurity training and the use of personal devices for reviewing clinical images.
“Telehealth is widely adopted, with variations in the use of secure teleconferencing platforms and telehealth practices, with less than half of the respondents using secure platforms on work computers,” the researchers wrote.
“This places practitioners at risk, as studies have demonstrated inadequate data protection and weak or absent passwords as major contributors to data breaches.”
They said their survey identified several critical areas for improvement in cybersecurity practices within dermatology settings.
These included a clear need for more regular cybersecurity training, both for dermatologists and their team members.
“Inconsistent practices and knowledge around password protection have led to many participants not routinely reviewing password security measures,” they said.
“Approximately one-third of respondents were either unaware of the security features associated with their remote EMR access, or were using access methods that do not meet recommended security standards.”
There was also a significant gap in training related to phishing awareness, highlighting the need for ongoing education to help clinicians and staff identify and manage suspicious communications.
“Cybersecurity and data protection awareness in healthcare is paramount to maintain the confidentiality of patients,” the authors concluded.
“Our audit shows a disparity in current cybersecurity and data protection practices among dermatologists and dermatology trainees; hence, further education and training is needed in this digital space.”
