Staff Security Awareness

Practical security training your team will actually remember.

Most practice security breaches involve human error — a misdirected email, a weak password, or someone clicking a convincing phishing link. Technical controls help, but your team is on the front line every day. This service delivers focused, practical sessions tailored to medical practice staff — using real-world healthcare scenarios, not generic corporate training that doesn't connect with how your team actually works.

Your team is your most important security control

Technical controls — firewalls, antivirus, strong passwords — are essential. But they can't prevent a receptionist from emailing patient records to the wrong address, or a nurse from connecting to public Wi-Fi on a work device. These are human decisions, made dozens of times a day.

Healthcare staff are specifically targeted by attackers because they handle sensitive data and are often time-pressured — making them more likely to act quickly without verifying a request. Phishing emails impersonating Medicare, pathology providers, or health departments are common and effective precisely because they look legitimate to someone who isn't looking for them.

Awareness training doesn't eliminate human error, but it significantly reduces the likelihood of a successful attack. More importantly, it means your team knows what to do when something looks wrong — and feels confident reporting it rather than hoping someone else noticed.

85%+ of healthcare data breaches involve a human element — phishing, misdelivery, or unintended disclosure (Verizon Data Breach Investigations Report).

APP 11 requires practices to take reasonable steps to protect patient data, including training the staff who handle it (Privacy Act 1988, Australian Privacy Principles).

RACGP Standards for General Practices require documented evidence of staff training in information security and privacy (RACGP Standards, 5th Edition).

What the training covers

Practical, healthcare-specific content — not a generic cybersecurity lecture repurposed from another industry.

Recognising phishing and social engineering

Real examples of phishing emails targeting healthcare staff — Medicare impersonation, fake pathology requests, urgent IT alerts. What to look for and what to do.

Safe handling of patient information

What counts as a privacy breach in daily work — misdirected emails, verbal disclosures, screen visibility in waiting rooms, and safe information sharing between providers.

Password and account hygiene

Practical guidance on passwords that sticks — why reuse is dangerous, how to use a password manager, and how to spot account compromise.

Safe use of email, messaging, and file sharing

When it's safe to send information by email, when it isn't, and what to use instead — relevant to clinical staff sharing results and admin staff sending referrals.

What to do when something goes wrong

How to recognise a potential breach, who to tell, and what not to do. Making reporting feel safe and normal — not something to hide.

Privacy obligations specific to healthcare

A plain-language overview of what the Privacy Act means for staff who handle patient information every day — not a legal lecture, just what they need to know.

Tailored to your team's roles

The risks faced by a GP differ from those faced by a receptionist or practice manager. Training content is adjusted to reflect the scenarios each role actually encounters.

Clinical staff

GPs, nurses, allied health practitioners

Safe handling of clinical records, secure messaging with other providers, telehealth security, device use outside the practice.

Reception and administration

Front desk, medical secretaries, billing staff

Verifying patient identity before disclosures, safe email handling, recognising social engineering attempts by phone, and securing the booking system.

Practice managers

Practice managers, operations leads

Understanding obligations as custodians of patient data, staff access management, responding to suspected incidents, vendor and IT provider oversight.

What's included and what it costs

Fixed-fee per session with everything included. No per-head pricing, no hidden extras.

Per Session

Staff Security Awareness Session

Covers up to 15 staff per session

From $880 ex GST per session
1. Pre-session questionnaire: a short intake to understand your team's roles, existing knowledge level, and any recent incidents or near-misses to address.

2. 60–90 minute interactive session: delivered via video call or onsite (Adelaide metro). Uses real healthcare scenarios, not generic slides, and is designed to spark discussion rather than deliver a monologue.

3. Staff summary handout: a one-page reference card covering the key takeaways, including what to look for, what to do, and who to contact.

4. Record of attendance: an attendance register suitable for RACGP accreditation evidence and practice governance records.

Group size: Up to 15 staff per session. Practices with more than 15 staff can run multiple sessions — ask about pricing for additional sessions.

Recommended frequency: Annually, or when onboarding a significant number of new staff.

Add-on available: Simulated phishing awareness exercise — a tailored phishing simulation sent to staff before the session, with results used as a discussion point. Ask about pricing on the scoping call.

How it works

Minimal admin on your end. We handle the preparation and delivery — you just get your team together.

1. Scoping call: 15 minutes to understand your team's roles, size, and any specific concerns or incidents you'd like addressed in the session.

2. We prepare the session: we tailor the content to your practice, covering your systems, your scenarios, and your team's roles. Not a generic presentation with your logo added.

3. Session delivery: a 60–90 minute interactive session via video call or onsite in Adelaide metro. We lead; you and your team just participate.

4. Handout and records: the staff summary handout and attendance record are provided within 2 business days of the session.

Help your team become your strongest line of defence

Book a free 15-minute scoping call to discuss your team's needs and get a fixed quote. Sessions can typically be scheduled within 2–3 weeks.

Frequently asked questions

How is this different from generic online security training modules?

Online modules are self-paced, generic, and easy to click through without engaging. This is a live, interactive session using real healthcare scenarios that your team will actually recognise from their working day. The discussion format means staff can ask questions about situations they've actually encountered — which is far more valuable than completing a tick-box module.

Can it be done remotely?

Yes — most sessions are delivered via video call. We recommend using a platform your team is already familiar with (such as Microsoft Teams or Zoom). Onsite delivery is available in the Adelaide metropolitan area if you prefer.

What if we have staff across multiple sites or shifts?

We can run multiple sessions to cover different groups. Practices with staff across multiple shifts or locations often benefit from separate sessions for each group — ask about pricing for additional sessions on the scoping call.
