
Data Breaches are Hurting NFPs & Healthcare: Here’s how to stay safe



Right now, it feels like everywhere you look, you’ll see reports of cybercrime – a data breach, a ransomware attack, a story about how one pesky piece of ransomware has brought a national organisation to a standstill.

There’s no doubt about it – cybercrime is trending upward in Australia. In the 2021-2022 financial year alone, cybercrime reports shot up by 13%.

Australian not-for-profit organisations have been one of the sectors hit the hardest by the upswing of cyber threats and data breaches.

Some of the most shocking incidents in recent years have been the Australian Red Cross data breach of 2020, which resulted in the theft of 1.3 million records; the Royal Flying Doctor Service of Australia (RFDS) data breach of 2021, which exposed personal data belonging to its donors; and the 2022 cyber attack targeting The Smith Family, in which hackers set out to steal funds from the charity, taking donors’ personal data in the process.

NFPs aren’t the only organisations suffering at the hands of cybercriminals. Year after year, the healthcare sector is the industry targeted most by cybercrime.

With the shock of the Medibank breach still raw in our minds, Sydney-based cancer care centre, Crown Princess Mary, has been the victim of a ransomware attack, perpetrated by the Oceania-operating cyber criminal group known as Medusa.

These incidents are unsettling for anyone to think about, especially those working in the NFP and healthcare spaces.


Why are cyber criminals targeting health and NFP organisations?

Health and NFP organisations are often targeted by cyber criminals because they store vast amounts of sensitive patient data. The high volume of customer data is the same reason why financial organisations have historically been frequent targets of cyber crime, too.

However, despite the growing concern for companies operating in these sectors, the majority of businesses aren’t doing enough to protect themselves from cyber threats.

Consistently, business leaders are ranking cybersecurity training and privacy compliance low on the list of essential employee skills.

At Truis, we’ve worked alongside plenty of NFPs and healthcare organisations in our time. Here are some of the most common cybersecurity mistakes we see.

Common cybersecurity mistakes (and how we can help):

1. The mistake: Not being aware of legislative changes
To properly protect your business, your team, and your customers from cyber threats, it’s important to stay up to date with any legislative changes that might affect you. An example of one of these legislative changes is 2021’s adjustments to the Privacy Act and Australian Privacy Principles (APPs), which brought in new sets of obligations that qualifying NFPs must meet.

How we can help:
As your partner, our team has their finger on the pulse of any changes that could impact you. With IT partners in all places across all sectors, we’re always in the loop with any changes that may be coming down the pipeline.

2. The mistake: Not having a last line of defence
Proper security means being prepared for the worst-case scenario. Without an effective disaster recovery system, you have a slim chance of recovering quickly or cheaply, should your data be breached.

How we can help:
Our Disaster Recovery-as-a-Service is the ultimate last line of defence. With this service, our team of experienced engineers and consultants will be present on-site to ensure that proper protocols are followed, and that your data remains accessible in case of an emergency.

3. The mistake: Not evolving your security measures and policies
The digital world moves fast. To keep your organisation as safe and secure as possible, it’s crucial that you update your procedures and practices frequently.

How we can help:
This issue typically stems from smaller teams becoming overloaded with all the BAU IT duties. And this is where Truis’ strength in security really comes in handy. Our Security Operations Centre offers managed security services to take care of as little or as much of the day-to-day operations as you need – so you can focus on the more pressing tasks.

4. The mistake: Not running regular backups
You’d be surprised how often data backups fall to the bottom of the priority list. The problem with this is that without regular backups, the risks posed by data loss become even more severe.

How we can help:
We’re proud to support many of our clients with Backup-as-a-Service arrangements. We keep all backups stored safely and securely in the cloud, taking the hassle of daily backups off their plates.


As an NFP organisation, you may feel overwhelmed by the ever-evolving nature of cybersecurity risks and the limited resources you have to manage them with.

However, there’s plenty you can do to stay safe in these times.

Strong internal IT policies, up-to-date staff training, and keeping your data protected and backed up are just some of the ways you can protect yourself. And if you need a partner to help you through, we’re here to help. With our range of cybersecurity services and depth of expertise, you can feel confident that you’re safe, secure, and ready to defend against whatever might come your way.
