Our statement on Cyber Security.

We take cyber security seriously

At HIF, we value the privacy and security of our members’ data.

But when cyber-attacks happen, like they did at Ticketek and Medibank, it serves as a reminder to us all to remain vigilant.

We encourage all our members to access the below reputable resources that outline additional steps you can take to limit your personal risk of digital fraud.

• Australian Cyber Security Centre (ACSC)
• Australian eStafety Commissioner
• IDCARE
• Moneysmart – the Australian Securities and Investments Commission’s (ASIC) website for consumers and investors
• Office of the Australian Information Commissioner – the independent regulator for privacy and freedom of information

How HIF is protecting your data

At HIF we value the privacy and security of our members’ data. To help ensure it remains secure, we have employed tools, procedures, and personnel to ensure:  

• 24/7 monitoring and multi layered protection of member data. 

• We perform customer checks whenever you call in or log into the mobile application. 

• Ongoing cyber training for our staff to stay up to date on the best ways to protect member data.

That said, we always encourage our members, healthcare providers and/or the wider community to report any suspected incidents they may have experienced.

If you suspect a cyber security incident, or have any concerns regarding suspicious activities, complete the online form at Reporting Cyber Security Incident | HIF.

Our cyber security team will review all concerns raised in confidence and protect the identity of anyone who provides information. If confidentiality is a concern, you can remain anonymous. 

What if … we told you how to avoid phishing scams

Phishing is a type of online scam where criminals attempt to deceive unsuspecting individuals into giving out personal and sensitive information such as usernames, passwords, credit card numbers, and bank account details.

To avoid falling for internet scams, it's important to be aware of the common tactics used by phishers.

Top tips to avoid phishing

• Double-check the sender's email address and avoid clicking on links or downloading attachments from unknown senders. This also applies to TXT/SMS messages.
• Be cautious of emails that ask for sensitive information, such as passwords or credit card numbers. Legitimate companies will never ask for this information via email.
• Enable multifactor authentication (MFA) on all accounts. This adds an extra layer of security to your accounts by requiring you to enter a code in addition to your password when logging in. This makes it much more difficult for fraudsters to access your accounts, even if they have your password.
• Keep your computer and mobile phone up to date with the latest security patches and to install antivirus software to protect against malware, even on your phone.
• Do not reuse passwords between accounts. Use a Password Manager to keep passwords secure and change them periodically. 
• Be wary of any offers that seem too good to be true.
• Unless you are certain the sender is genuine, avoid opening links directly from emails, TXTs/SMSs or calling any numbers provided. It is always safer to navigate to the genuine website you are familiar with and use the contact methods provided on the website or login to verify any activity, messages or notifications linked to your account.

Phishing is a serious threat to internet users and can have devastating consequences.

By being aware of common tactics used by phishers, enabling multifactor authentication (MFA), keeping software up to date, and not reusing passwords between accounts, you can avoid falling for internet scams and protect yourself from the dangers of phishing.