More than a third of top Australian hospitals have been found to lack basic cybersecurity protocols to protect themselves from email fraud and domain spoofing.
FINDINGS
In October, United States-based cybersecurity company Proofpoint made a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of 70 public and private hospitals around Australia.
DMARC is an email validation protocol that authenticates a sender’s identity before allowing their message to reach its intended recipient. It has three levels of protection – monitor, quarantine and reject, with reject being the most potent for fending off suspicious emails from reaching the inbox.
Based on this analysis, it was revealed that 36% of the hospitals do not enforce the recommended strictest level of DMARC while two hospitals do not have any DMARC record.
Public hospitals were found to have better protection compared to private hospitals with 77% of them having implemented the highest DMARC level. Among private hospitals, below half (44%) adopted the email authentication protocol at the same level.
THE LARGER TREND
In 2020, 166 cyber incident reports in the health sector were filed with the Australian Cyber Security Centre, rising from 90 in the previous year. Most of these reports were for compromised systems, which were most likely attacked by malicious actors exploiting the COVID-19 pandemic situation.
In the first half of the following year 2021, 85 notifications from the health sector were made to the Office of the Australian Information Commissioner regarding data breaches. Most of these cases were phishing and ransomware.
This included the ransomware attack at UnitingCare Queensland, which was claimed by a group known as REvil/Sodin. Also in the same year, Eastern Health experienced an IT outage due to a suspected cyberattack.
This year in October, SA Health informed of a data breach that affected Personify Care, its third-party provider of digital patient pathways. The said incident led to a folder containing the health information of 121 patients getting deleted. However, there was no evidence that the deleted information was copied or downloaded.
ON THE RECORD
“With email-based phishing attacks remaining one of the most common techniques used by cybercriminals, hospitals should prioritise tightening email security,” suggested Steve Moros, senior director of the Advanced Technology Group at Proofpoint Asia Pacific and Japan.
“Implementing email authentication protocols such as DMARC provides a crucial line of defence to strengthen protection against email fraud and ensure the safety of patients and their families, as well as employees and other stakeholders from potentially harmful cyber threats.”
