Skip to content


Raising cybersecurity maturity across primary care

We help you protect patient data by assessing your exposure to cyber risks and providing guidance and recommendations for mitigation.

Advisory Services

We support health sector organisations and professionals by providing general advice about improving cybersecurity measures, responding to cybersecurity incidents, finding and using cybersecurity tools, and all things in between.

You can use the Patients First team as a sounding board – we are here to help you identify and mitigate cybersecurity risks so that your patients’ private information is protected.

More broadly, we often act as a liaison for the Ministry of Health to support their projects and as a channel to disseminate information to the sector. Our knowledge and existing relationships in the sector can enable these projects to run more smoothly and communications to be managed efficiently.

Security Assessments

If you want the honest truth about how vulnerable you or your organisation are, we offer a free 1-hour security assessment of any online services that you manage.

The assessment will either confirm that you’re well protected, or it will show you the areas that need improvement and where you might need our advice or guidance.

Health Information Security Framework (HISF) assistance

The Health Information Security Framework (HISF) supports health and disability sector organisations and practitioners holding personally identifiable health information to improve and manage the security of that information. It provides advice about procedures, minimum requirements and technical standards. 

Compliance with the framework’s risk management section has been required since 1 July 2016 for any organisations managing health information.

We offer the following assessment services to help you comply with the HISF:

Cloud Risk Analysis

We review the cloud-based technology you use in the context of your business, identify and analyse risks, and then provide evaluation and reporting for your use.

Privacy Impact Assessment

We review the way that you hold and store documentation, identify and analyse privacy-related risks, and then provide evaluation and reporting for your use.

Penetration Testing

We test your network or web applications to find security vulnerabilities that an attacker could exploit and provide mitigation strategies.