Healthcare sector a target as attack focus shifts

Thursday, 20 April, 2023

Healthcare sector a target as attack focus shifts

A concerning change in the tactics of cybercriminals has seen a focal shift to targets without significant financial standing but at great risk of harm — healthcare organisations. The news comes from exposure management company Tenable, following analysis of recent attacks and government response.

“Cybercriminals have traditionally set their sights on high-yield targets such as private businesses with high-profit margins in the banking, financial and pharmaceutical sectors,” said Scott McKinnel, ANZ Country Manager.

"While these aren’t slowing down, we’ve witnessed that over the last two years, there’s been increasing interest in high-value healthcare information because cybercriminals are aware that healthcare providers have historically postponed investment in their IT and OT systems as well as their IT teams,” he said.

The sensitivity of the information accessed is one of the most attractive elements for attackers, with its broadened exposure heightening the impact on affected individuals.

“Cyber attacks can have dire consequences — from financial losses to disruptions in critical medical services, compromised patient information and care. In a concerning turn, customers affected by recent high-profile attacks are now being notified that their data has surfaced on the dark web, underscoring the severity of the situation and highlighting the urgent need for enhanced cybersecurity measures.”

The latest OAIC report indicates companies must do more to protect consumer data, as cybercrime surged in the second half of 2022. According to the report, the number of data breaches reported in the latter half of the year increased by 26% compared to the first half of 2022, including several high-profile mega breaches. The report also revealed that the healthcare industry continues to be a main target, with 71 breaches reported between July and December 2022, representing 14% of all reported breaches over this period.

"The government’s recent proposal to mandate participation of critical infrastructure providers in national cyber exercises is a positive move,” McKinnel said.

"These exercises have been specifically created to enable organisations to refine their responses to actual security breaches, which in turn will enhance their ability to handle cyber attacks more efficiently. By taking part in these exercises, institutions can identify gaps in their cybersecurity protocols and take proactive measures to address them, reducing the risk of a potential cyber attack.”

McKinnel suggests prioritising cybersecurity by implementing robust security measures to protect sensitive data, conducting regular risk assessments to identify vulnerabilities in systems, providing employee training on cybersecurity best practices, and continuously monitoring systems for potential threats.

Recent high-profile cyber attacks in Australia have underscored the urgent need for healthcare providers to bolster their cybersecurity defences and safeguard the privacy and wellbeing of their patients.

“The psychological impacts of cyber attacks on individuals and society as a whole cannot be overlooked. Healthcare institutions, in particular, are pillars of trust and security that people rely on during distress. By taking proactive steps to safeguard against cyber threats, healthcare institutions can protect the wellbeing of communities and ensure the continuity of critical medical services,” McKinnel said.

Image credit:

Related News

Cysurance to offer cyber insurance to Sophos customers

Australian Sophos customers will be able to take advantage of discounted cyber insurance provided...

Boomi launches API management platform

Boomi's new API Control Plane can help organisations get on top of the security and...

66% of Aust organisations plan to use GenAI to enhance security: study

A study by Tenable shows companies plan to use GenAI to enhance security measures and align IT...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd