The dangers of using hacker-friendly public Wi-Fi

15 March 2018 | Joyce Harkness, Chief Information Officer, Avant

As a busy doctor it may be tempting to use free public Wi-Fi at a conference or in a café to respond regarding a patient’s urgent script request or to review some blood tests. However, this is not good practice and can make you vulnerable to cyber-attacks.

You may not realise it, but it's very easy to listen to, or start a conversation with other devices, such as smart phones or laptops, on a public network. All that’s needed is access to the network and the right tools to listen.

Once you are on a public network, a hacker can readily identify any devices present on that network and possibly decipher encrypted traffic being transmitted to and from your device.

Any application on your device that is set to automatically login and synchronise information to and from your device (for example, e-mail, social media or cloud storage etc.) is susceptible to leaking sensitive information (passwords or personal data) to a hacker.

Key tips

Before connecting to a publicly available Wi-Fi network, it’s a good idea to ask yourself the following questions:

  • Do you really need Wi-Fi enabled at all times, wherever you go?
  • Is the few dollars you save connecting to a public Wi-Fi network worth the risk of potentially leaking personal or financial data to someone?

There are a few steps you can take to minimise your risk while accessing information when you’re on the move:

  • If conducting work-related or private business including any communication with patients, always use mobile data.
  • If using a laptop, use your phone as a hotspot with mobile data enabled.
  • If you do decide to use free public Wi-Fi:
    • switch off auto-synchronisation on your device
    • connect manually, meaning do not select “auto connect” and
    • disconnect the Wi-Fi connection as soon as you finish using it.

Mandatory data breach notification

If patients’ health information is released or accessed publicly from or via your phone, this will be a data breach and you will need to consider whether it needs to be reported to patients and the Office of the Australian Information Commissioner. Read our article for more information on the new privacy laws, which came into effect on 22 February 2018, and look at our data breach resources to help you comply.

More information

You might be interested in our factsheets: Recommendations when using SMS messaging and Keeping it professional: social media for doctors.

If you need advice on this issue or any other issues, visit our website or call our Medico-legal Advisory Service (MLAS) on 1800 128 268 for expert advice, 24/7 in emergencies.

Share your view

We welcome your feedback on this article.