Australia’s healthcare system is under attack like never before – how do we defend this essential service from rising cyber attacks?
The Australian healthcare industry has a long history of supporting Australians during times of injury and sickness – mending broken bones, nursing people through illnesses, and addressing myriad other medical needs.
However, this caring nature is not being reciprocated, and the sector is under attack. Persistent cyber security breaches and large-scale attacks mean the industry is a leading victim of cyber crime with no respite in sight.
Worryingly, a breach of a healthcare organisation can have significantly more serious consequences for people’s lives than a breach of a typical business. We have witnessed medical records, addresses, and very personal information make their way onto the dark web – opening the door for disturbing outcomes if this information gets into the wrong hands.
Cyber threats are spreading throughout the industry
The cyber security challenges overwhelming the Australian healthcare industry are not new. The Office of the Australian Information Commissioner (OAIC) reports the healthcare sector has been the most breached industry in the last five years – not a title you want to own. In the government agency’s most recent report, healthcare organisations were breached 62 per cent more than the next highest industry (public sector).
Unfortunately, these ongoing data breaches have not just been small, and healthcare organisations have fallen victim to mass cyber attacks. The most notable recent example was the Genea IVF clinic ransomware attack, where the Termite ransomware gang stole 700 gigabytes of sensitive patient information and published it on the dark web. Genea shut down its system for multiple days as it attempted to recover – a common theme in recovery, as Sophos’ State of Ransomware in Healthcare 2024 report found that 78 per cent of healthcare organisations took more than a week to recover from a ransomware attack.
Globally, the cyber security landscape for the healthcare industry remains unwell, too. In 2024, UnitedHealth-owned Change Healthcare experienced the largest data breach for a healthcare organisation in US history, which the company recently reported had affected 190 million people.
A fleeting challenge or chronic ailment?
It is important to note cyber criminals are malicious by nature. They are also inherently ambitious, always looking to steal more data, breach more companies, and receive more financial compensation.
Cyber criminals recognise previous successes, and the target placed on healthcare organisations is growing. Sophos found ransomware attacks against healthcare organisations globally have reached a four-year high since 2021, despite the overall rate of ransomware across all industries declining from 66 per cent in 2023 to 59 per cent in 2024.
It is, therefore, imperative that healthcare organisations do not treat cyber security as a passing trend and instead intensify their focus on ensuring they have the right remedies in place to cure this issue.
Setting the healthcare industry on the road to recovery
The last 12 months have been a harsh wake-up call for the healthcare industry. As the cyber security battle for organisations is about both making up lost ground and staying ahead of threats in the future, a culture shift is required.
Board member meetings should explore similar industry events that involve data breaches from cyber incidents and determine if the root cause and/or impact applies to their own business. Companies should then review their risk register to ensure coverage of any potential exposure and plan a path to bridging the gap. At the very least, this will help galvanise their proposed incident response plans, validate their cyber security investments and foster a positive attitude towards cyber risk.
Coinciding with the culture shift, healthcare organisations should strengthen their cyber security infrastructure. Healthcare technology leaders already face several IT challenges, such as IoT/OT connectivity, data exchange interoperability, regulatory compliance, and AI exploration. This huge workload means healthcare IT teams are increasingly overwhelmed. However, they don’t need to try to be the panacea; instead, they can look to third-party support from cyber security experts that can provide 24/7 protection against cyber threats, freeing healthcare organisation staff to concentrate on more pressing matters.
Much like its patients, with the right attention and treatment, the healthcare industry can bounce back from past injuries and become more cyber secure in the future.