In memory of the 2009, Black Saturday Fires

1. The Emergency Response Planning Tool (ERPT) for General Practicein AustraliaPractice Managers networking meeting – Gippsland PHN, 26/02/19John Anthony Williams

2. In memory of the 2009, Black Saturday Fires • Preparation and Regeneration:

3. What are we covering? • What is an emergency response plan v a BCP? • What is the ERPT and what/who is it for? • What is included? • DHHS project • What are the risks to your practice? • Group • Discussion on Pandemics • Group • A quick look at pandemics/pandemic planning • Cyber Security – The continuing threat • The risks • Notifiable data breach statistics • Awareness/preparation

4. What is an emergency response plan versus a business continuity plan? • An emergencyresponseplan provides detailed strategies on the steps that employees must follow during, and immediately after, a disaster to protect the safety of the business’ employees and customers • The business continuity plan takes the disaster recovery plan one step further. It outlines how the business will continue its operations after the disaster • Studies have shown that up to 70% of businesses/organisations who experience a catastrophic event will close within two years (McGladrey and Pullen, 2008) • The ERPT covers both areas

5. What is the ERPT and what is it for? • ERPT assists general practices in better preparing for, responding to and recovering from the impacts of emergencies and pandemics • ERPT is managed by Healthpoint ANZ and was developed in collaboration with the Royal Australian College of General Practitioners • Keeping an up-to-date emergency plan helps ensure the safety of staff, the smooth recovery of a practice and reduces the risk of financial loss • The RACGP Standards for general practices (5th edition) require practices to have a contingency plan for adverse and unexpected events, including pandemics. The ERPT meets these accreditation standards.

6. DHHS project • The Victorian State Government, Department of Health and Human Services (DHHS) is funding a pilot program to provide fully subsidised access to the ERPT for rural and regional Victorian general practices in 2019. • DHHS recognises the important role of general practices in providing essential health services to local communities and understands that maintaining an up-to-date emergency response plan is crucial in ensuring continuity of service during emergency events. • In 2019 the pilot program will focus on rural and regional general practices in recognition of the important services they provide and their heightened exposure to extreme weather events. • Each participating general practice will receive fully subsidised access to the ERPT in 2019 and support from Healthpoint ANZ to start planning and complete an emergency response plan. This includes online webinars, personalised training and access to a help desk.

7. Risks to your practice • What are the potential risks to your practice/s? • Examples you have experienced. • What happened, what was the result short-term, long-term? • Open discussion

8. Potential risks • Explosion • Threatening behaviour • Emergency exterior to practice • Flood • Severe weather • Cyclone • Bushfire • Structural fire/internal • Smoke • Gas/Chemical incident • Heatwave • Pandemic • Loss of power • Disruption water/gas supply • Telephone system disruption • Loss of IT or damage to IT • Loss electronic records • Loss of business records • Loss of availability of key staff • Cyber event.

9. Some statistics: • In 2013 there were 4,595 fires per week across Australia (1) • Researchers found there had been a 40 per cent increase in fires from 2008 (1) • Frequency of events in Australia between 1990-2014 from the international disaster database in Brussels (2): • 43.5% of national disasters are from storms • 31.3% flooding • 15.3% Wildfire • Refs: • (1) www.abc.net.au/news/2016-02-10 • (2) EM-DAT International Disaster Database

10. Focus on Pandemic • Break into groups and list instances of pandemics starting in the early 1900’s • Include more local events where known • These are obviously smaller in scale but a problem nonetheless • List examples

11. Examples of Pandemics, local health outbreaks/contamination • Global • Spanish Flu (early 1900’s) • Bubonic plague - 1900-04 • H1N1 (Bird flu) • SARS • Yellow Fever • Cholera • Malaria • Poliomyelitis • Smallpox • Dengue Fever • Mumps • Hand, Foot and mouth • Swine • Ebola Threat • Zika Threat • Other Influenza – recurring timing and virulence • Local • Measles outbreaks • Whooping cough • Isolated TB outbreaks ( lower socio-economic, poor housing) • Resurgence of older STD’s – Syphilis • Campylobacter – water supply • 2017 was the worst flu season in Australia for many years - 1,255 deaths due to influenza

12. How is your organisation thinking about cyber risk?

13. Embracing cyber risk management • the risk of a business incurring a cyber incident is no longer a question of if, but when! • geographical isolation previously thought to protect Australia and New Zealand as islands from attacks is no longer relevant. • Australia has been recognised as one of the “Cyber Five” alongside South Korea, Japan, New Zealand and Singapore, who appear to be nine times more vulnerable to cyberattacks than any other Asian economies (1) • Australian and New Zealand small businesses who faced a cyber attack were virtually identical (19% in Australia and 18% in NZ), but only 6% of New Zealand SMEs hold cyber insurance, compared with 14% of Australian SMEs • (1) Deloitte 2016 Asia Pacific Defence Outlook.

14. The cyber threat – current focus • Ransomware continues to grow as a method of extorting funds • The most prevalent financially motivated cyber crime threat • Credential-harvesting malware poses an increasing threat to Australians by facilitating the theft of credentials, such as login details and account numbers • Malware specifically to target Australia and the increased targeting of Android smartphones • Targeting of trusted third parties, particularly service providers. Highly attractive targets as they can enable secondary and tertiary access into a range of primary targets

15. Something to note • Cyber crime is not an IT problem. • It’s a Board/organisational problem • The absence of evidence of a breach, is not evidence of the absence of a breach • Source: Hurrell Consulting

16. Australian Compulsory Data Breach Notification Source: Notifiable Data Breaches Quarterly Statistics Report 1 April – 30 June 2018 – oaic.gov.au

18. Know your crown jewels • Know the value of what you have: • To you; your competitors, your employees, organised crime, hacktivists, state or corporate spies • Tangible • Non-tangible • Identify the gateways – remember gates swing both ways • Know who has access: • Look deep inside your supply chain to understand access rights • Do they need this access? • Source: Hurrell Consulting

19. Know where it is • What is stored locally and if data is stored in the cloud, what and where • Know who is protecting it • It may not be protected at all – understand is it in your company security realm or another provider • Know how well the protections work – have you had a crisis simulation test across the IT Section or the entire business? • Source: Hurrell Consulting

21. Additional RACGP resources: • The RACGP has developed several resources to support general practices prepare for, respond to and recover from emergency situations. These include: • Responding to emergencies in general practice • Responding to pandemics in general practice • Pandemic flu kit • Information security in general practice • Access these here: http://www.racgp.org.au/your-practice/business/tools/disaster/ Coming soon: • Various fact sheets on emergency situations including bushfires, floods and traumatic events.

22. How do I access the ERPT?Go to the URL: https://erpt.racgp.org.au/standardloginor Google - ERPTClick on `Register your practice for the ERPT’, in red.  Complete the few details.HealthpointANZ will contact you to arrange training and support