Secure systems
We are committed to maintaining the security and safety of the Blood Sector Systems (BloodPortal, BloodNet, BloodSTAR, ABDR and MyABDR) to mitigate cyber security incidents and to meet our obligations to comply with the Australian Government’s security strategies.
As part of this commitment, we will be introducing the following:
- Multi Factor Authentication for all Blood Sector Systems
- Changes to password resetting requirements for all Blood Sector Systems
- Changes to password format requirements
- Removal of login PIN for MyABDR mobile app
- Improved AHPRA matching in BloodSTAR
- Updated Terms and Conditions of Use for all Blood Sector Systems
More information on how the changes will apply to you is provided below. We will continue to update this page with further guidance as we approach the expected implementation date on 15 September 2024.
Multi Factor Authentication
Multi Factor Authentication (MFA) is one of the best ways to protect against someone breaking into your account. This keeps the sensitive health information stored in our systems secure. More information on MFA is available from the Australian Cyber Security Centre: Protect Yourself: Multi-Factor Authentication | Cyber.gov.au
MFA means you will need to use an authentication method in addition to your username and password to log in to your account for the Blood Sector Systems.
We have selected Okta to provide MFA services and you will be able to choose one of the following authentication methods:
- SMS (six digit code)
- Email (six digit code)
- The Okta Verify Authentication App (six digit code)
- The Okta Verify Authentication App (push notification)
The mobile number and email address used for the authentication method must be the same as those used for your account for the Blood Sector Systems.
We recommend you install the Okta Verify app on your mobile phone now, ahead of the upcoming changes, using the links below to the Google Play Store and Apple Store respectively. However, the app cannot be linked to your account for the Blood Sector Systems until the release date of 15 September 2024.
- For Android Devices, please download the app from the Google Play Store.
- For Apple Devices, please download the app from the Apple Store.
To prepare for this change you can:
- Review and update your account details in the Blood Sector Systems, including mobile number, email address, security questions and other contact details.
- Start a conversation in your work area: discuss with your work colleagues and manager how this might change the way you use the Blood Sector Systems – particularly if staff at your facility share accounts.
- Install the Okta Verify Authentication app: install the mobile application from the Google Play Store or Apple Store.
More information on how to connect the Okta Verify app to your account and how to log in using MFA is available in the BloodPortal User Manual.
An example of the new BloodPortal login screen that you will see when accessing your account is provided below.
Password resetting requirements for Blood Sector Systems
We are making some changes to how we manage access to Blood Sector System accounts (including BloodPortal, BloodNet, BloodSTAR, ABDR and MyABDR). This includes changes to password resetting requirements based on how frequently you log in to your account.
The table below sets out the rules for when you will need to reset or reactivate your account.
| Account Activity | Password reset requirements |
| --- | --- |
| Unused for 45 days and up to 12 months | Reset your password on your next login |
| Unused for 12 months or more | Contact our Blood Operations Centre on 13000 BLOOD (1300 025 663) to have your account reactivated |
With the implementation of these new security requirements, the existing 90-day period for changing passwords will be replaced by a 12-month period. This means that regardless of how frequently you log in, you will need to change your password every 12 months, instead of the previous 90-day timeframe.
If you get your login details wrong too many times, your account may be locked for a short period of time (i.e. 5 minutes) before you can try again.
An email warning will be sent to you in the following circumstances:
- When an account is close to the 45-day inactivity period which will require a password reset.
- When an account is close to the 12-month inactivity period which will result in your account being archived.
Password format requirements
When you create or update a password, it will need to be at least 14 characters long and contain upper and lower case letters. The full set of password requirements is:
- At least 14 characters
- A lowercase letter
- An uppercase letter
- No parts of your username
- Not the same as any of your last 10 passwords
Removal of login PIN for MyABDR mobile app
With the introduction of MFA, you will no longer have an option to log in to the MyABDR mobile app with a PIN in place of your email address and password. You will be required to enter your email address and password along with an authentication method each time you log in.
You can still choose to work offline and save data locally in the app; however, you will be required to log in using MFA before this data syncs back to the NBA.
Improved AHPRA matching in BloodSTAR
Additional information will be sourced from AHPRA to support verification of health practitioners in BloodSTAR and to improve the accuracy of matching AHPRA data to them.
When you submit an access request form with an AHPRA number, your full name will be checked against your AHPRA registration.
If your full name in BloodPortal does not match your full name on your AHPRA registration, you will be required to update your details in BloodPortal before you can submit the access request form.
If your full name in BloodPortal does match your full name on your AHPRA registration, further information will be shown, including full name, specialities, date of first registration and place of practice. You will be required to confirm the AHPRA details are correct before submitting the access form.
BloodSTAR will automatically suspend roles for a facility where there has been a change to your AHPRA registration for a speciality or a facility. The role will remain suspended until your AHPRA registration is restored.
Updated Terms and Conditions of Use
The Terms and Conditions of Use for all Blood Sector Systems have been amended to reflect the security enhancements described above. The new Terms and Conditions of Use can be viewed here.
You will be required to accept the new Terms and Conditions of Use on each login following the implementation on 15 September 2024 and again at any time the Terms and Conditions of Use are updated.
Blood Sector Systems User Manuals and Release Notes
The following User Manuals for the Blood Sector Systems have been updated to include the new MFA login processes:
The following Release Notes provide a summary of all the changes to the Blood Sector Systems as part of the ICT Security Release on 15 September 2024.
Last updated: 06 Sep 2024