Safeguarding patient trust: email cybersecurity in Australian health care

By Mike Kleviansky, Head of Cyber Security, GenesisCare
Wednesday, 03 April, 2024 | Supplied by: Genesis Care

In the ever-evolving landscape of cybersecurity threats, healthcare organisations stand as prime targets due to the sensitivity of patient health information. Australia witnessed an 84% increase in cyber incidents between 2019 and 2020 alone, shedding light on the pressing need for robust cybersecurity measures within the healthcare sector.

This article delves into the unique challenges faced by healthcare companies in Australia, with a focus on the pivotal role of email cybersecurity. We draw insights from our experiences at GenesisCare to underscore the significance of safeguarding patient data in the digital age.

Five years ago, GenesisCare embarked on a transformative cybersecurity journey. As the Chief Information Security Officer at GenesisCare, I inherited an environment with no in-house cybersecurity practice, relying on third-party vendors to secure our operations. Recognising the evolving threat landscape, we initiated a comprehensive cybersecurity strategy, with a primary focus on safeguarding patient health information.

Email security as the cornerstone of cyber defence

Operating in multiple regions, including Australia and Europe, posed a unique challenge for us. Our expansive attack surface, combined with the diverse and changing landscape, demanded a targeted approach. Email, being the most common vector for cyberthreats, became our focal point.

In a healthcare organisation like ours, emails contain vital information, including patient health information, personally identifiable information, financial data and internal communications. Safeguarding this sensitive data is paramount to ensure patient privacy, comply with regulations, prevent identity theft and maintain trust. Breaches can lead to legal consequences, financial losses and disruptions in business continuity. Protecting healthcare data is essential for the integrity, credibility and seamless operation of healthcare organisations.

We recognised that the highest probability of a data breach often stems from human error, particularly through email phishing attempts. In fact, over 90% of data breaches come from emails.

In collaboration with Mimecast, we strengthened our defences against evolving phishing attacks.

Deactivating unnecessary apps and consolidating wisely

Recognising the need for a holistic cybersecurity approach, we initiated an application and vendor consolidation project. This strategic move was driven by collaboration with our Chief Financial Officer and was aimed at optimising costs while enhancing security. The project involved scrutinising every application and vendor across our organisation.

The outcomes have been significant. We identified and decommissioned unnecessary applications, leading to substantial cost savings. For instance, we deactivated a workload, resulting in an annual saving of $144,000, and we are poised to achieve millions in savings in the coming years. This initiative not only enhances our security posture but also aligns with sound financial management principles.

Collaborating with the CFO in decision-making

While prioritising cybersecurity is a crucial aspect, decision-making can be influenced by various factors, sometimes deviating from optimal risk and cost considerations. An example worth mentioning is the sway exerted by certain vendors, such as Microsoft, in steering executive decisions. Despite an appealing value proposition, we’ve learned that the practical implementation and total cost of ownership should be carefully evaluated.

Collaboration with the CFO becomes paramount in steering decision-making processes. A top-driven approach ensures that cybersecurity initiatives align with broader business goals. In our experience, forging a strong partnership with decision-makers at the executive level has been instrumental in shaping effective cybersecurity strategies.

The future landscape: anticipating trends

As we navigate the present challenges, it’s crucial to anticipate future trends in cybersecurity. The ever-growing sophistication of cyberthreats calls for an increased reliance on AI technologies. Natural language processing models and AI-driven defences are poised to play a pivotal role in countering evolving threats. This includes behavioural AI and its ability to map out normal email use over a period of time and flag suspicious email use.

Remaining steadfast in our commitment to patient data safety

In conclusion, cybersecurity is paramount in the healthcare sector due to the evolving threat landscape and regulatory demands. Our experience at GenesisCare highlights the pivotal role of email security in building and maintaining patient trust. The journey persists, marked by strategic collaborations and a proactive cybersecurity approach.
