NSW Health, primarily through Local Health Districts, manages large volumes of patient information. Clinicians in busy hospital environments require timely access to data and systems to effectively treat patients. Increased accessibility may in turn increase the risk of poor data and system security practices. Recent experience in other jurisdictions has also demonstrated that operational assets that are controlled using technology may be targeted for cyber attacks. All NSW Health organisations must comply with the NSW Government’s Cyber Security Policy, as well as with NSW Health’s own policy directive on electronic information security. This audit could assess how effectively NSW Health, particularly Local Health Districts and eHealth NSW, is ensuring the security of electronic information and systems used for patient care.