Report: Australian patient data increasingly at risk due to cyber attacks

More than one in three hospitals are currently vulnerable to digital fraud and spoofing attacks due to a lack of email security.

David Hollingworth
Wed, 13 Dec 2023

New research has shed light on the state of security in top hospitals across Australia, and the results do not look at all healthy.

According to cyber security firm Proofpoint, more than one in three hospitals do not have properly implemented email validation protocols in place, leaving them vulnerable to a range of email-based attack vectors.

Proofpoint undertook a DMARC analysis of 70 public and private hospitals to check what levels of protection were in place at each. DMARC stands for Domain-based Message Authentication, Reporting and Conformance, and it features three levels of protection: reject, monitor, and quarantine.


What the company found was that while 97 per cent of hospitals did have DMARC protocols in place, only 64 per cent had implemented them with the highest level of protection, which is capable of blocking suspicious emails outright. This lack of protection leaves hospitals in danger of falling victim to phishing and spoofing attacks, which could, in turn, lead to data breaches.
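The kind of check described above can be sketched as follows. This is an added example, not Proofpoint's tooling or code from the report: it classifies a domain's DMARC posture from the TXT records published at `_dmarc.<domain>`, treating the "monitor" level as the `p=none` policy. The function names, the `-partial` label for `pct` below 100, and every domain and record in `SAMPLE` are constructed for illustration.

```python
# Added example: classify a domain's DMARC posture from the TXT records
# published at _dmarc.<domain>. All domains and records below are constructed.
from collections import Counter

LEVELS = {"reject": "reject", "quarantine": "quarantine", "none": "monitor"}

def parse_dmarc(txt):
    """Return a tag->value dict, or None if txt is not a DMARC record."""
    pairs = [p.partition("=") for p in txt.split(";") if p.strip()]
    tags = [(k.strip().lower(), v.strip()) for k, sep, v in pairs if sep]
    # RFC 7489: the first tag must be exactly v=DMARC1, else ignore the record.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def classify(txt_records):
    """Map the TXT records for one domain to a protection level."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "absent"            # unrelated TXT data only, or nothing at all
    if len(records) > 1:
        return "invalid"           # multiple DMARC records: none is applied
    tags = records[0]
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:
        # Missing or bad p=: receivers fall back to monitoring only if
        # a reporting address (rua) is present, otherwise ignore the record.
        return "monitor" if tags.get("rua") else "invalid"
    pct = tags.get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        return level + "-partial"  # policy applies to only a sample of mail
    return level

def summarise(domains):
    """Count domains per level and give the share at full reject."""
    counts = Counter(classify(txts) for txts in domains.values())
    return counts, 100 * counts["reject"] / len(domains)

SAMPLE = {  # constructed records, not real hospital domains
    "hospital-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example"],
    "hospital-b.example": ["v=spf1 -all", "v=DMARC1; p=quarantine; pct=50"],
    "hospital-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@hospital-c.example"],
    "hospital-d.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "hospital-e.example": [],
}

if __name__ == "__main__":
    counts, reject_share = summarise(SAMPLE)
    print(dict(counts), f"{reject_share:.0f}% at reject")
```

A domain that publishes a record but sits at "monitor", "quarantine-partial" or "invalid" still counts as "having DMARC" in a headline figure, which is why the share at full reject is reported separately.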

Steve Moros, senior director of advanced technology group, Asia-Pacific and Japan at Proofpoint, believes that hospitals need to do more to protect patient data.

“Hospitals are uniquely at risk due to the highly sensitive patient data they store, which includes everything from a person’s identifying information like their date of birth, gender, and address, through to their bank account details and, of course, medical history. These details make hospitals a prime target for threat actors,” Moros said in a statement. “With email-based phishing attacks remaining one of the most common techniques used by cyber criminals, hospitals should prioritise tightening email security.”

Surprisingly, public hospitals were found to have tighter email security than their private counterparts. Seventy-seven per cent of public hospitals have full DMARC protocols in place, compared to just 44 per cent of private facilities.

“Hospitals are organisations that all Australians, at some point in their lives, will engage with and share their sensitive, personal information with,” Moros said. “Threat actors know this and can prey on the people in our society who need to be cared for, as well as the doctors, nurses and other staff providing this care.”

“Implementing email authentication protocols such as DMARC provides a crucial line of defence to strengthen protection against email fraud and ensure the safety of patients and their families, as well as employees and other stakeholders from potentially harmful cyber threats.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
