Cyber Resilience in Aged Care:

Protecting Data, People and Trust Under the New Aged Care Act

June 24, 2026

As Australia’s aged care sector prepares for the new Aged Care Act, which came into effect on 1 November 2025, providers are under increasing pressure to modernise systems while maintaining the highest standards of data privacy, security, and resident care. With digital transformation accelerating across clinical systems, care platforms, and third-party services, the sector is also facing a surge in cyber threats, including phishing attacks, ransomware, and supply chain vulnerabilities.

For aged care organisations, cyber security is no longer just an IT issue; it is a critical component of safe, compliant, and person-centred care.

The Growing Cyber Threat Landscape in Aged Care  

The aged care sector is a prime target for cybercriminals due to the volume of sensitive personal and health data it manages. Phishing attacks remain the leading cause of breaches, often exploiting busy staff through realistic emails that result in credential theft or unauthorised access. 

Once inside systems, attackers can deploy ransomware, locking access to vital care records and operational platforms. At the same time, supply chain attacks through third-party software vendors, medical devices, or service providers are creating new, less visible risks.

Under the new Aged Care Act, providers must demonstrate stronger data protection, privacy governance, and accountability, making cyber resilience a regulatory as well as operational priority. 

Insights from Aged Care Week Conference  

At Aged Care Week in Sydney, these challenges were front and centre of industry discussion. Phriendly Phishing was proud to be part of the conversation, with our colleague John Dryden, Senior Cyber Security Consultant, contributing to a key panel session.

John reinforced a critical shift for the sector: 

“The best providers will not succeed simply by digitising faster, but by doing so with discipline and purpose, embedding security, privacy, and care into every system and decision.” 

He highlighted that leading organisations will invest in practical cyber security training, equip staff to handle real-world risks, and continuously test their readiness through simulations and exercises. Importantly, they will challenge assumptions around access, safety, and risk. 

John also emphasised that resident dignity, rights, and experience must remain central, even under pressure or limited oversight. 

Why Human-first Design in Cyber Security Matters

Many aged care providers focus heavily on technology controls but overlook the human element of cyber risk. Staff are not the weakest link; when empowered, educated and supported, they become your strongest line of defence. 

To ensure cyber resilience is embedded across your organisation, people and members, you need to: 

  • Embed security and privacy by design across all systems 
  • Strengthen defences against phishing, ransomware, and supply chain risks 
  • Invest in continuous, practical staff education and training  
  • Prioritise resident-centred data protection 

This requires a mindset shift. Cyber security cannot sit solely within IT; it must become embedded across the organisation. Staff at every level need the confidence and capability to recognise threats and respond appropriately. This is where many organisations fall short, relying on one-off training or compliance-driven modules that fail to reflect the realities of daily work. Effective cyber resilience is built through ongoing education, practical simulations, continuous testing of readiness, actionable insights and measurable impact.

Phriendly Phishing addresses this gap by combining human-first design with AI-driven intelligence to deliver measurable behaviour change. Our approach goes beyond awareness as we focus on how people behave under pressure, tailoring training to real scenarios staff encounter. From targeted phishing simulations to adaptive learning pathways, we help aged care teams build instinctive, confident responses to cyber risks. 

As the aged care sector enters a new era of regulatory change, cyber resilience is essential to delivering safe, trusted, person-centred care. Organisations that invest in both technology and human-centred capability will be best positioned to navigate risk, meet regulatory expectations, and, most importantly, protect what matters most.

For more information on how we can support and partner with you in keeping your aged care organisation and people cyber safe, please contact us today. 
