Australia to test ‘long-awaited’ healthcare cyber threat network
The Australian government is to establish a network for sharing information on cyber threats to healthcare.
Recently, AUD$6.4 million ($4.2 million) was set aside to establish an Information Sharing and Analysis Centre (ISAC) for the Australian health system.
WHY IT MATTERS
In Australia, ISAC has long been active in the banking and finance sector. The government said its establishment in other high-risk sectors such as healthcare was “long overdue.”
Applications for the government grant for the development of the ISAC in the sector are open until July 23.
THE BIGGER CONTEXT
The Australian healthcare system continues to be a major target for cybercriminals. According to the latest data from the Office of the Australian Information Commissioner, there were 104 reports of data breaches involving healthcare providers in the second half of 2023. Just before Christmas last year, St Vincent’s Health, one of the largest not-for-profit healthcare and aged care organisations in the country, reported that hackers have deleted some previously unknown data from its system.
This year also saw one of the largest ransomware attacks in the Australian healthcare system. In May, the e-prescription delivery service was MediSecure was hit by a cyberattack, which is believed to have exposed prescription information and personal data of healthcare providers from MediSecure’s systems to the dark web until November 2023.
In the meantime, Monash Health was also named as one of the companies whose data was affected by the ransomware attack that hit ZircoDATA in February.
In 2022, the Australian government passed legislation amending the Security of Critical Infrastructure Act 2018 to extend its protections to the health and medical sectors, among other changes. The amendment meant that hospitals and other entities within the sector would be required to undertake enhanced cybersecurity obligations, including conducting preparedness exercises and vulnerability assessments and developing a cybersecurity incident response plan.
Earlier this year, the Australian Cyber and Infrastructure Security Centre published advice for critical infrastructure sectors, recommending the establishment and maintenance of a critical infrastructure risk management program.
ON THE RECORD
“The past two years (have) been the start of a major, long-awaited national journey to improve cybersecurity across the country and better protect our citizens. The health service faces a triple vulnerability. Cybercriminals know that every Australian relies on these vital services – and they can’t afford to be offline for extended periods of time. Health providers tend to hold highly sensitive data and often struggle to build and fund strong cybersecurity defenses. As a result, health providers are among the most common and damaging targets for cyberattacks. It’s a pattern we’re seeing around the world,” said Clare O’Neil, Minister for Home Affairs and Cybersecurity, in a statement.