‘It only takes one person to get tripped’

Natasha Egan May 5, 2025

At BaptistCare, cybersecurity is everyone’s responsibility, says Daniel Pettman.

Close-up of Glasses Reflecting System Hacked Alert
(iStock.com/D-Keine)

In addition to common email tools to test the phishing literacy of staff, aged care provider BaptistCare has – with permission – used the form of artificial intelligence known as deepfake technology to create hoax videos.

“We deepfake our executives and then play it back to our staff and see if they can tell the difference,” said Daniel Pettman – chief information and digital officer at BaptistCare.

“And most people can’t because it’s a video. Sounds like, looks like, behaves like one of our executives, and then we educate them that no this is not a real video,” he told Australian Ageing Agenda over the phone in the second half of 2024.

“And you can see in people’s minds the gears churning and this is unfortunately a reality you have to deal with. Is the person on that Teams meeting even real anymore? You can clone audio in a couple of seconds from a person, so is that person on the phone real?”

In addition to his role at BaptistCare, Pettman chaired the sector’s technology roundtable for almost three years until recently. He was also the founding and inaugural chair of the Australian Aged Care CIO Network for over two years from mid-2021.

He said aged care organisations need to have good controls and awareness of these types of scams, particularly as they are going to become more sophisticated and complex as AI technology matures.

Daniel Pettman (BaptistCare)

Cybersecurity has been a big piece of BaptistCare’s digital transformation puzzle, said Pettman, who’s been with the organisation since 2011.

Starting over six years ago, he breaks their journey into three phases:

  1. architecture and systems integration
  2. cyber and data
  3. innovation

Cybersecurity was already taking prominence after some in the sector were compromised, said Pettman, and then the Optus and Medibank breaches in 2022 made it a mainstream concern. During that period, “we were aligning to cyber frameworks, we were putting in all the technical controls, having lots of conversations with our board and executive around it’s everyone’s responsibility.”

Over four years the results from staff testing on phishing literacy improved from a 19 per cent fail rate to under 4 per cent at the time of speaking. “Which is pretty much best in class,” said Pettman. His takeaway message: “Security is not optional. It’s got to be everything that we do.” This includes orientation, which led to a new starter questioning Pettman over its history of attacks.

“They said, ‘Wow, has BaptistCare had a major cyberattack or something? I can’t believe it’s in orientation.’ I said, ‘No, we don’t want to have one.’ We’ve tried to build that into the culture of the organisation that the realities are that everyone’s trying to steal our data that’s in our systems and we have to all be aware. It only takes one person to get tripped.”

Tech decisions are strategic

At BaptistCare, Pettman heads up Business Technology Solutions – the BTS department, which he highlights deliberately includes the words “business technology” rather than “IT”.

“Everything we do ties to a business strategy, the business outcome. That’s implicit in the name. That’s how we think.” The number one business priority at an organisational level is growth, he added.

This is evident in the ongoing amalgamations for the once New South Wales and Canberra-based provider. Most notably among them is the merger with BaptistCare WA in 2023 followed by the recent uniting with its counterparts BaptistCare, Baptist Care SA and Baptcare – which provide collectively provide services in Victoria, SA and Tasmania.

This merger was announced in November 2024 and completed on 7 March. The organisation now has over 12,000 staff and provide aged care and retirement living services, community housing and family and community support to over 38,000 customers across five states plus the ACT.

“There’s no shortage of IT related things to address when you’re a growing organisation,” Pettman told AAA.

The list includes everything from cyber and data reporting to integrating systems, decommissioning old systems and making sure data is private and secure. Integration activity involves getting everyone on common platforms, systems and reporting and skilling them so they can use the common platforms they may not have used before, he added.

“And often there’s quite tight timelines, particularly to do some acquisitions of handover and things have to be done by this date, and you’ve got to work with counterparties as well. There can be differences in maturity of technological systems and the quality of data and to make it all work on day one, there’s a lot of work to get done.”

The BTS department has five teams each responsible for different areas including:

  • data analytics
  • cyber
  • project delivery, such as strategic projects, mergers and acquisitions
  • operations, which runs IT support 24/7
  • innovation.

The last team, he says, has the most exciting time because they get to look at the tech that’s three years away. “They get to be in the AI and robotics spaces, virtual reality and those type of things,” said Pettman.

“It’s the fun stuff and they get to work directly with residents, our clients and customers and understand where technology can take us in the future,” he said. “AI is moving at such speed. That team is amazing to keep tabs on all of our AI initiatives.”

Digi transformation lessons

 You have to bake security into everything you do, says Daniel Pettman among lessons learnt (iStock.com/Oleh Stefaniak)

BaptistCare can spend more time on the fun stuff – innovation – because it has its digital foundations laid and made its systems secure.

Reflecting on the organisation’s digital transformation to date, Pettman has tips for others in the sector that come from both “things we did well” and others he “definitely would have done differently with the benefit of hindsight.”

1. Top-level buy in

“You absolutely need your board and executive onboard for digital transformation because it is a partnership between the technology department and the business,” said Pettman. “The IT department can’t do it alone. The business can’t do without the technology department.”

2. Good vendor management and partnerships

“The great challenge in this sector is lack of maturity, sometimes in the vendor space, which has been a cottage industry” where “a lot of solutions are designed for small players,” said Pettman.

Bigger organisations “need industrial strength technology solutions,” which is “about leveraging platforms, rather than lots of smaller solutions.”

Working strategically with partners can help you get what you need in the product for your organisation and help vendors have a better product for the sector, he said.

3. Security is not optional

“Security is such a fast-moving thing. The lesson we learned early on, is you have to bake security into absolutely everything you do. If you don’t bake it in you have to fix it later. And that’s really hard when you’re really busy and you move on to the next thing,” he said.

“Do it early. Align with the best standards out there in the industry. Make sure you have enough resource and capability in the security space because if you suffer an incident, then it’s going to slow everything down on every level of the organisation.”

Think of your reputation and the client impacted if their data is leaked, he said.

4. Be prepared to fail

“For every little innovative thing you explore, you will find some things that feel like they don’t work. But there are some things that work incredibly well and have huge benefits to the organisation,” said Pettman.

You have to try things, “learn it along the way” and see mistakes or missteps as informative that you can apply to the next phase, he said.

5. Culture is key

The culture of the technology team is incredibly important, said Pettman. Looking into “the deployment of AI and other emerging technologies, a lot of the research says that the barriers are often in the IT department because this technology is moving so fast.

“The IT department doesn’t necessarily need any more pressure or stress, so we’ve taken a very deliberate cultural approach in our IT department to get everyone to be involved in AI,” said Pettman.

This includes a hackathon where every team has to come back with a solution, weekly meetings where the whole team talks about AI, what’s coming and use cases, guest speakers and individuals responsible for driving the culture, said Pettman.

“That’s so important because IT departments sit in the middle of everything going on in an organisation, and if they’re not on that journey or they can’t be the ones being the forerunner and proving this stuff, it’s difficult to get traction in the broader business,” Pettman tells AAA.

“For us that was a critical point that we’re leading by example, and we’re up to date with the latest stuff and then we’re practicing what we preach.”

We hope you enjoyed this article – please add your comments below
Visit our features portal for more in-depth stories

Tags: baptistcare, cyber security, daniel pettman, digital transformation, security,

RELATED

new cabinet hero

Ministers sworn in, Libs elect first female leader

Katarina Lloyd Jones May 13, 2025
Kerslake hero

Guide Healthcare appoints commerical services GM

Katarina Lloyd Jones May 13, 2025
Shannon Sanderson

Shannon Sanderson moves to peak

Natasha Egan May 13, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement