Cyber security for Australian specialist medical practices,
built by a named Australian expert.

Two careers in one place: in IT since 1996, in security and digital forensics since 2018. Practice Security Watch gives you the cyber posture your insurer, AHPRA, and your board want to see, without hiring a CISO.

Federal Court of Australia  ·  OAIC-ready evidence  ·  UNSW Business School, Cyber Security Management

What you're really protecting

Your practice's reputation

Your patients, your partners, and your peers trust you to keep sensitive information safe. Practice Security Watch protects your reputation by making sure that trust is never broken.

What we do

Three ways we help your practice

1. Be ready when your partners ask.

Dark-web monitoring with quarterly evidence reports. Ongoing oversight of credentials, patient-data exposure, and practice reputation across public, deep, and dark web sources. You can produce an evidence pack within 24 hours of a partner, insurer, or regulator request.

2. Protect every month, not just every audit.

Practice Security Watch. A monthly security service for Australian specialist medical practices. Every day we watch the dark web and your external footprint. Every month we run a security test, automated where automation helps and hand-checked where it matters. Every quarter Matt writes a posture letter your board, insurer, or regulator can read. If anything looks wrong at 9pm on a Saturday, Matt's mobile is the first call. We sit alongside your managed service provider, or stand alone if you don't have one.

3. When something has happened.

Breach response, forensic investigation, OAIC-ready reports. Four business hours from your call to speaking with an investigator. All forensic analysis performed in Australia on Australian infrastructure.

The service

Three pillars

Technical controls

Daily monitoring of your systems and your external footprint. Monthly security testing. Modern protection on every laptop and server. Two-step logins and identity hardening on your Google Workspace or Microsoft 365.

Data and information controls

A clear picture of where patient information lives, who can see it, how long you keep it, and how it is protected. Access reviews, retention reviews, and a breach-readiness drill. Privacy Act, My Health Records, and AHPRA-aligned.

AI compliance advisory

AI is arriving in practices fast: dictation, clinical scribes, imaging, administrative tools. As you adopt it, we help you document how it is used responsibly, in line with AHPRA and the Privacy Act.

Data discovery

Find your data before an attacker does

Patient data has a habit of spreading. Old spreadsheets, forgotten email attachments, ad-hoc shared folders. Our Australian-built data scanner sweeps your network, your cloud email (Microsoft 365, Google Workspace), and your cloud storage (OneDrive, SharePoint, Google Drive). It hands you a map of where sensitive information actually sits. From there we help you consolidate it into one governed location. That way you can show your insurer or AHPRA that you know where every record is.

What it guards against

Four risks it is built to address

Ransomware

disabling your practice and locking patient records.

Patient data leaks

whether deliberate exfiltration or an accidental share.

Email and identity compromise

leading to fraud, impersonation, or unauthorised access to records.

Supplier or plugin breach

where an external dependency is the attacker's way in.

Why Matt specifically

When something goes wrong

an IT provider's instinct is to fix the problem. The forensic evidence the OAIC, your insurer, or a lawyer might later want is often overwritten in that process, with nobody at fault.

A cyber insurer’s hotline

routes you to a panel firm that has never heard of your practice.

Matt, named principal,

picks up the phone, preserves the evidence, contains the damage, starts the regulatory clock, and writes you an incident brief within 24 hours. That is the difference.

First 30 days: Within the first 30 days of signing, we pinpoint the three highest-risk exposures across your external surface, your identity footprint, and your Google Workspace or Microsoft 365 posture. We close what is ours to close. Where your IT provider owns the fix, we specify it precisely and track it to closure.

How we work

Alongside your existing IT provider

We work alongside your existing managed service provider rather than replacing them. We identify the risk, specify the fix, and hand clear instructions to your IT provider. Your provider does the implementation and invoices you directly for that work.

In scope with us

Security strategy, risk advisory, assessment, daily monitoring, incident response coordination, expert reporting.

Your IT provider handles

Day-to-day IT administration, server migrations, licence upgrades, hardware replacement, network configuration. Commercial endpoint monitoring licensing such as Microsoft Defender or CrowdStrike sits here too, though we can provide it under a separate quote. These items are scoped and invoiced by your IT provider, not included in our quote.

Don't have an MSP? Ask us. We can introduce you to Australian IT providers who already work to the standards Practice Security Watch expects.

Credentials

Why your practice, and why us

Named Australian principal.

Matt O’Kane, principal of Notion Digital Forensics, holds every engagement end to end. You are not handed to a panel analyst or an offshore team. One named expert, accountable for the work, based in Australia.

Court-tested methodology.

More than 190 engagements since 2018 across litigation, breach response, insider threats, and forensic investigation. What we learn about how attackers actually operate goes directly into how we design your protection. Our principal wrote and ran Cyber Resilience and Information Assurance Principles for the Australian Defence Force Academy and co-writes cybersecurity courses at UNSW Business School.

Australian data stays in Australia.

Every matter. Every email. Every forensic image. Analysis performed in Australia on Australian infrastructure. Patient data does not leave the country. Custom-built Australian-sovereign AI pipeline, human expert supervised.

What you get back

Compliance, peace of mind, someone to call

Compliance with your insurer

Your cyber insurer asks more every year: two-step logins, secure backups, a plan for when something goes wrong, modern protection, staff trained to spot phishing. Practices that can't show this face higher premiums or cover refused. We keep your evidence ready, refreshed every quarter, so renewal is a document you already have.

Peace of mind

Every day we scan your external footprint, the dark web, and your key identity signals. Your IT provider handles availability, patching, and backups; we handle the intelligence layer they don't cover. Monthly testing finds problems before they become incidents. A quarterly letter tells your board and partners what is being done, and what is being fixed.

A named expert to call

If something looks wrong at 9pm Saturday, Matt is the first call. He knows your practice already, helps you contain the damage fast, protects the evidence your insurer and regulator will later want, and writes your incident brief within 24 hours.

Be the one with the answer ready.

Book a 20-minute call with Matt. We'll talk through your practice, your partners' concerns, and what readiness looks like for you. No pitch, no commitment, no cost.