Australia to pilot 'long overdue' cyber threat-sharing network for healthcare
Photo: Gorodenkoff Productions OU/Getty Images
The Australian government will pilot a network for sharing information on cyber threats in the healthcare sector.
It has recently set aside A$6.4 million ($4.2 million) to launch an Information Sharing and Analysis Centre (ISAC) for the Australian healthcare system.
WHY IT MATTERS
In Australia, the ISAC has long been operating in the banking and finance sector. The government said its establishment in other high-risk sectors such as healthcare has been "long overdue."
Applications for the government's grant to develop the ISAC in the sector are open until July 23.
THE LARGER CONTEXT
Australian healthcare continues to be a major target of cybercriminals. Based on latest data from the Office of the Australian Information Commissioner, there were 104 notifications of data breaches involving health service providers in the second half of 2023. Just before Christmas day last year, St Vincent's Health, one of the country's largest not-for-profit health and aged care providers, reported that hackers deleted some still unidentified data from its system.
This year also saw one of the biggest ransomware attacks in Australian healthcare. In May, e-prescription delivery service MediSecure was hit by a cyberattack that led to information relating to prescriptions and personal information of healthcare providers from its systems up until November 2023 being allegedly exposed to the dark web.
Meanwhile, Monash Health was also named as one of those whose data were affected in the ransomware attack that hit ZircoDATA in February.
In 2022, the Australian government passed a law amending the Security of Critical Infrastructure Act 2018 to extend its protection to the healthcare and medical sector, among other changes. The amendment meant that hospitals and other entities within the sector would be required to undertake enhanced cybersecurity obligations, including taking preparedness exercises and vulnerability assessments and creating a cybersecurity incident response plan.
Early this year, the Australian Cyber and Infrastructure Security Centre released an advisory for critical infrastructure sectors, proposing the obligation to create and maintain a Critical Infrastructure Risk Management Program.
ON THE RECORD
"The last two years [have] been the beginning of a big, overdue national journey to lift up cybersecurity across the country to better protect our citizens. Healthcare faces a vulnerability trifecta. Cybercriminals know that every Australian depends on these essential services – and that they cannot afford to be offline over extended periods. Healthcare providers tend to hold highly sensitive data, and they often struggle with building and funding strong cyber protections. That’s why healthcare providers are one of the most common, and most damaging, targets of cyber attack. This is a pattern we see all over the world," Home Affairs and Cyber Security Minister Clare O’Neil commented in a media release.