Cyber attacks on Australian hospitals and healthcare providers are becoming a more frequent occurrence. The Australian Cyber Security Centre, the ACSC, has recently warned healthcare providers in Australia of an increased number of cyber attacks aimed at the healthcare industry.
The ACSC has identified ransomware and other cyber attack methods as leading to dangerous breaches of sensitive hospital data, which can have widespread ramifications if not addressed and preempted.
Let’s examine the current state of cyber attacks on Australian hospitals and healthcare providers, as well as the initiatives launched by the Australian government to help combat these frequent cyber attacks and mitigate their effects.
Common Cyber Attacks Against Australian Hospitals
There is a common thread uniting most cyber attacks targeting the Australian healthcare system. Rather than one-off attacks, cybercriminals are working to gain access to secure networks and then dig deeper into these system infrastructures. From that deeply entrenched position, cybercriminals are launching their attacks, which can enact more widespread damage and compromise greater amounts of data from deep inside the system.
The widespread shift to virtual medical services and data sharing with patients, combined with troublingly low levels of cybersecurity in the medical sector, make the healthcare industry an enticing target for enterprising cybercriminals.
According to reports released by the ACSC, between 2019 and 2020 there was a reported 84% rise in cyber attacks in the healthcare sector in Australia, and the true percentage could be even higher. Cyber attacks and data breaches of confidential patient information can be difficult to spot. It can take years before patients and healthcare providers are able to identify that their data has been compromised, at which point the damage has already been done.
The Australian medical insurance company Medibank suffered one of the worst cyber attacks of 2022 when hackers demanded a $10 million ransom for the return of sensitive patient information. The attack affected nearly 10 million patients and included private data on the Australian Prime Minister Anthony Albanese, as well as the cybersecurity minister Clare O’Neil.
Challenges To Cybersecurity in the Healthcare Sector
Cybercriminals target the healthcare sector specifically because of the veritable gold mines of valuable data stored in its system, from confidential patient files to large-scale financial records and information. A few of the challenges facing the healthcare sector when it comes to cybersecurity include:
- Lack of training
- Underinvestment in digital infrastructure
- Inadequate cybersecurity measures
- Multi-agency collaboration
- Outdated infrastructures
- High cost of cybersecurity implementation
- Low-level cyber literacy among the workforce
This all adds up to abundant vulnerabilities and poorly protected points of entry for cybercriminals to exploit. When these weak spots protect valuable and sensitive data, the consequences can be huge, resulting in widespread damage.
How the Australian Government Is Working to Prevent Cyber Attacks
The Australian government has recently released a new cybersecurity strategy that presents more stringent government-sponsored cybersecurity regulations. The plan is set to take effect by 2030 and will include widespread measures to protect all industries, including the healthcare sector.
In early March of this year, CISC, the Australian Cyber and Infrastructure Security Centre, published a new risk assessment advisory that targets the medical and healthcare sectors. The advisory includes a robust risk assessment methodology, providing guidance for mitigating and controlling cybersecurity risks within the critical infrastructure of these sectors.
The document also details where risks can be identified within critical infrastructures and how healthcare organizations can determine the critical risk level of specific assets and interdependencies.
The Australian healthcare sector will need to shore up its cybersecurity measures quickly, both to keep up with the growing threat of cyber attacks, and to ensure that it both meets the new government regulations and satisfies the new CISC risk assessment advisory.