$599 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

Medical practices are being hit with ransomware every week.

The scenario is terrifyingly common: a GP practice arrives Monday morning to find every system locked. Patient records inaccessible. Appointments can't be booked. Prescriptions can't be issued. The ransom demand: pay $50,000 in Bitcoin or lose everything. Some practices pay and still lose their data. Others spend weeks rebuilding from scratch—if they can recover at all.

Your patient records are incredibly valuable to criminals. Medical records contain everything needed for identity theft and insurance fraud: Medicare numbers, dates of birth, addresses, medical histories. Unlike credit cards that can be cancelled, this information is permanent. A stolen medical record is worth 10-50 times more than a credit card number.

AHPRA, the Medical Board, and the Privacy Act have real consequences.

Protecting patient confidentiality isn't just an ethical duty — it's a registration requirement. AHPRA, the national health practitioner regulator, can impose conditions on, suspend, or cancel the registration of practitioners whose practices suffer preventable data breaches. The Privacy Act adds penalties up to $50 million for failing to protect health information, which counts as "sensitive information" needing higher protection. "The practice manager handles IT" is not a defence.

PRODA and Medicare portals are high-value targets.

Your PRODA credentials provide access to Medicare claiming, PBS prescriptions, and My Health Record. Compromised credentials mean fraudulent claims in your name, bulk prescriptions for controlled substances, and investigations that take months to resolve. Multi-factor authentication isn't optional anymore—and when did you last review who has access?

Prescription fraud starts with compromised practice systems.

Criminals target GP practices specifically to generate fraudulent prescriptions—particularly for opioids and other controlled substances. If your clinical software is compromised, you could find prescriptions issued in your name to patients you've never seen. The TGA and police will come knocking, and proving your innocence takes months.

This health check is built specifically for GP clinics.

Plain-English questions covering PRODA/Medicare portal security, clinical software protection (Best Practice, Medical Director, etc.), patient records handling, prescription security, My Health Record access controls, and staff awareness. No technical jargon—designed so any practice owner or manager can complete it and understand the results.

What you get:

64
Plain-English Questions
Specific to GP clinics—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Practice owners, practice managers, and GPs responsible for clinic operations. Solo practitioners and group practices alike. Any medical practice that handles patient records and Medicare claiming—and wants to understand their cyber security posture without needing IT expertise.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the GP Clinic Cyber Health Check

Get My Health Check
$599 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why are GP clinics targeted by cyber attacks?
GP clinics hold the most comprehensive health records of any provider — medical histories, medications, mental health notes, referrals, and test results. Patient health data commands the highest prices on dark web markets, often more than financial data. Clinics also hold Medicare provider credentials, My Health Record access, and pathology system logins — each representing a fraud opportunity for criminals.
What cyber security obligations do GP clinics have?
AHPRA's Code of Conduct requires practitioners to take reasonable precautions to protect patient information. The Privacy Act 1988 and Australian Privacy Principles impose obligations on all practices collecting health information. The My Health Record Act requires security controls for connected providers. Medicare participation requires protecting PRODA credentials and reporting suspected misuse. Medical indemnity insurers assess cyber risk at renewal.
What does the GP Clinic Health Check cover?
The health check covers practice management and clinical software security, My Health Record and PRODA credential protection, Medicare billing system access controls, pathology and imaging system security, patient communication security, staff access management, device and network security, backup and recovery procedures, and incident response planning for general practice.
What do I receive after completing the health check?
You receive a professional Word report with an overall security score and recommendations prioritised by risk. The report is tailored to GP clinic risks — not generic small business advice — and is suitable for sharing with your practice manager, medical indemnity insurer, or IT provider.

View all frequently asked questions →

Further Reading

Resource

AHPRA Cyber Security Requirements for Health Practitioners

What AHPRA's Code of Conduct and the Privacy Act require from GP clinics and allied health providers — and what 'reasonable steps' looks like in practice.

Read the guide