If there is one thing that unites the healthcare sector, from local GP’s to large hospitals and care providers, is their unwavering dedication to patient care. The evolution in medical technology and diagnostics creates huge improvements in symptom identification and patient recovery - however, the growing reliance on medical technology also creates a larger cybersecurity problem. The interconnectedness of medical technology from BYOD, hardware, cloud networks and IoT coupled with the higher value of stolen medical data on dark web networks, means that healthcare providers around the country are more prone to attack than most other industries. 

To add to the perfect storm, budget is always hard to find within healthcare due to the many competing interests. With stretched budgets, exhausted staff, a technology skills shortage and fast-moving malicious attacks hitting our country every day - it’s no wonder our healthcare sectors are feeling the strain. Oh, and add to that another raft of security compliance protocols being handed down through the Security of Critical Infrastructure Act 2018 (SOCI) that now includes healthcare organisations, adding to an already stretched workload.

As a leading provider of cybersecurity services for the healthcare sector, including Victorian Health Department and Ambulance Victoria, we have developed a solid understanding of the strategic and tactical threats that affect our country's healthcare organisations. Our insights are derived from our 24/7 healthcare cybersecurity monitoring and remediation team, as well as our healthcare specific threat intelligence feeds that monitor 125,000 healthcare employee data feeds for malicious actors. With over 1.6 trillion healthcare specific logs and thousands of data feeds per year that we analyse, we’re familiar with the holistic and intricate cybersecurity threats that affect technology, patient care and system reliability.

What are the three major cybersecurity issues we see?

As mentioned above, the healthcare industry in Australia experiences a wide range of targeted cybersecurity-related issues. These can include the compromise of the integrity of systems, complex malware and ransomware attacks coming in from IT or OT networks, privacy of patient data and distributed denial of service (DDoS) attacks that can bring the entire hospital down from a technology perspective. The ramifications are huge - from financial loss, breach of privacy, loss of patient data and ultimately putting lives at risk. 

The three major cybersecurity issues we see, include (but are not limited to):

Ransomware:

Ransomware is a type of malware that infects systems and files, rendering them inaccessible until a ransom is paid. When this occurs inside a 24/7 healthcare industry, critical processes and patient records are slowed or inaccessible until the situation is resolved. During these attacks or “downtimes” hospitals are forced to go back to traditional methods such as pen/paper and manual enquiry. Typically, ransomware affects Australian healthcare systems through three ways:

• Through phishing emails containing a malicious attachment, often using a fake email address that seems legitimate in the context of the healthcare industry (i.e. An email from a fake pathology service to a regional hospital, for example)
• Through a user clicking a malicious link and downloading ransomware through the link (i.e. a malicious link to a fake digital health record, for example); and
• By viewing an advertisement containing malware. This is particularly prevalent with medical staff using unsecured BYOD and iphones to access patient software applications.

Data Breaches of Personal Health Information:

We see data breaches and attempts in the healthcare industry almost every day often through the deployment of credential-stealing malware whether remotely, or through a linked network device. Due to Australia’s heavy compliance regime, malicious actors know that the value of confidential patient data demands a higher ransomware payment. Personal Health Information (PHI) commands more on the black market (average $355 USD per record versus $1-2 per record for credit card information) as it is not able to be changed or cancelled, unlike credit card or personal identification information. 

Lack of resources to manage a threat attack surface on a 24/7/365 basis:

Most hospitals or healthcare providers in Australia are not blessed with a 100-person strong internal IT team that is dedicated to round-the-clock cybersecurity. Cyber attacks happen every 7 minutes in the healthcare industry, according to the Australian Cyber Security Centre. Funding models are tight enough, let alone to fund expensive cybersecurity technicians in a labour tight market. Adversaries, however, have the benefit of being able to attack hospital technology infrastructure at any time - day or night. 

How does IPSec help Australian healthcare providers to overcome these cybersecurity challenges?

IPSec has demonstrated subject matter expertise in cybersecurity for the healthcare industry, including running comprehensive cybersecurity programs for Victoria Health and Ambulance Victoria.IP Sec’s 24/7/365 healthcare cybersecurity operations centre provides round-the-clock detection, alert and remediation services for major hospitals, clinics and care services. IPSec works with specialist threat intelligence providers to curate intelligence specifically for the health industry. This covers IOC, malicious IPs, malware and proactive threat detection.

IPSec can work with your healthcare organisation as an outsourced cybersecurity model, or a supplement to your existing team and internal expertise, to ensure ongoing cybersecurity resilience in the face of a dynamic threat environment. We can also help you meet key legislative compliance standards such as Security of Critical Infrastructure Act 2018 legislation, and various instruments such as HIPAA and ISO standards.

For more information on us, please visit www.ipsec.com.au

References:

https://www.cisecurity.org/insights/blog/data-breaches-in-the-healthcare-sector
https://www.cyber.gov.au/acsc/services/covid-19-cyber-security-advice