Hackers are impersonating IT staff over the phone to steal passwords — exploiting practice staff’s fears that IT failures can put patient care at risk, a cybersecurity expert warns.

Cyber attacks are in the news after Australian Clinical Labs agreed to accept a $5.8 million fine for its response to the 2022 theft of 128,500 Medicare numbers and 17,500 pathology records.

Last year’s attack on software company MediSecure, which stole data on prescription strengths and doctors’ instructions to sell online, triggered the company’s collapse.

Even the Australian New Zealand Clinical Trials Registry was attacked in early 2025, with users’ login details stolen.