Local Health Districts manage large volumes of private patient information and have their own systems for data management with differing approaches to data protection. Clinicians in busy hospital environments require timely access to data and systems to effectively treat patients. Increased accessibility may in turn increase the risk of poor data and system security practices. Recent experience in other jurisdictions has also demonstrated that operational assets that are controlled using technology may be a target for cyber-attacks. This audit could assess how effectively NSW Health is ensuring the privacy and security of patient data.