SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Under the knife: Healthcare sector grappling with rising ransomware threat

Fri, 3rd May 2024

Australia's healthcare system, long regarded as a world leader in patient care, is facing an increasing and potentially life-threatening challenge: ransomware attacks.

These cyber assaults, where malicious software encrypts critical data and holds it hostage until a ransom is paid, are becoming an increasingly common occurrence, disrupting vital services and putting patient safety at risk.

The healthcare sector is a prime target for cybercriminals due to the sensitive nature of the data it holds. Patient records, containing everything from medical history to financial information, are highly valuable on the black market.

Additionally, healthcare organisations often have complex IT systems with legacy infrastructure, making them more vulnerable to attack.

Recent attacks highlight the problem
The past few years have seen a disturbing rise in high-profile ransomware attacks against Australian healthcare providers. 

According to statistics from the Notifiable Data Breach (NDB) scheme, breaches of Australian healthcare providers surged during the second half of 2023, rising by 19% during the period.

The Office of the Australian Information Commissioner (OAIC) received 104 notifications of data breaches involving health service providers between July and December 2023 – up from 63 breaches in the first half of the previous year.

Three of the reported breaches each affected more than 1 million individuals, while two breaches affected between 500,000 and 1 million people.

Two-thirds of the incidents were blamed on malicious attacks – including 28 per cent attributed to phishing, 27 per cent to compromised or stolen credentials, and 27 per cent to ransomware.

The causes of vulnerability
Several factors contribute to the heightened vulnerability of Australian healthcare institutions. Firstly, the sector is undergoing rapid digital transformation, with increased reliance on electronic health records and connected medical devices. This creates a larger attack surface for cybercriminals to exploit.

Secondly, many healthcare organisations have limited cybersecurity budgets and expertise. Unlike large banks or financial institutions, healthcare providers often prioritise patient care over IT security investments. This leaves them with outdated systems and inadequate security protocols.

Thirdly, the COVID-19 pandemic exacerbated the problem. With increased reliance on remote work and telemedicine, the potential entry points for attacks grew. Additionally, the urgency of the pandemic may have led to relaxed security protocols in some organisations.

Improving defences
Fortunately, steps can be taken to mitigate the risk of ransomware attacks. Some of the key preventative measures include:

  • Implementing a strong cybersecurity stack:

A cybersecurity stack comprises many tools and processes that are put in place to strengthen the security of the organisation. After understanding the risks healthcare organisations face, a stack targeted at reducing that risk to the lowest possible level would be a priority for CISOs. One of the critical tools would be Security Information and Event Management (SIEM), which helps identify security incidents and offers real-time monitoring, correlation, and alerting capabilities by collecting and analysing security logs from multiple systems and applications.

  • Fostering a culture of security awareness:

Healthcare workers need to be aware of the ever-present cyber threat. Regular training on phishing scams, social engineering tactics, and safe credential practices can significantly reduce the risk of human error leading to an attack.

  • Enforcing strong password policies:

Implementing complex passwords and enforcing regular password changes are essential in preventing unauthorised access to systems. Multi-factor authentication (MFA) adds another layer of security.

  • Patching systems regularly:

Software vulnerabilities often provide a gateway for attackers. Implementing a rigorous system of identifying and patching vulnerabilities promptly helps to keep these entry points closed.

  • Conducting regular data backups:

Having a robust data backup system allows for swift recovery in case of a ransomware attack. Backups should be stored securely and disconnected from the main network to prevent them from being encrypted.

Additionally, health providers should ensure that their data is segmented to the highest degree possible, strengthen their security posture and adopt cybersecurity solutions that detect and block malicious behavior. Security information and event management solutions help teams centrally collect data across the environment to gain real-time visibility and better detect, analyse, and respond to cyberthreats.

Additionally, authentication and access controls, detection and response capabilities with real-time monitoring and visibility are crucial to ensuring that healthcare systems remain up and running.

Collaboration is key
The fight against cybercrime requires a multi-pronged approach. Healthcare organisations need to work collaboratively with cybersecurity experts and government agencies to share best practices and develop robust defence strategies. Open communication and information sharing are crucial in identifying emerging threats and coordinating responses.

As the healthcare sector continues to embrace technology, cybersecurity needs to be prioritised. This requires investment in secure infrastructure, training programs, and skilled IT personnel.

The cost of such investments pales in comparison to the potential consequences of a successful ransomware attack – disrupted patient care, financial losses, and reputational damage.

By taking a proactive approach, healthcare organisations can build a more resilient IT infrastructure and ensure the continued delivery of safe and efficient healthcare in the face of evolving cyber threats. The health of Australia's population depends on it.
 
