The Australian Government will pilot a network to share information about cyber threats in the healthcare sector.
The agency recently earmarked A$6.4 million ($4.2 million) to establish an Information Sharing and Analysis Centre (ISAC) for Australia’s healthcare system.
WHY IT MATTERS
In Australia, ISACs have long been active in the banking and finance sectors. The government says the establishment of ISACs in other high-risk sectors such as healthcare is “long overdue”.
The deadline for applications for government funding to develop ISACs in this area is July 23.
THE BIGGER CONTEXT
Australian healthcare continues to be a major target for cybercriminals. According to the latest data from the Office of the Australian Information Commissioner, there were 104 data breach notifications involving healthcare providers in the second half of 2023. Just before Christmas last year, St Vincent’s Health, one of the country’s largest non-profit providers of health and aged care services, reported that hackers had deleted an as-yet-unidentified amount of data from its systems.
This year also saw one of the biggest ransomware attacks on Australia’s healthcare system. In May, electronic prescription delivery service MediSecure has been hit by a cyberattack that has allegedly exposed prescription-related information and personal information of healthcare providers from the company’s systems until November 2023 on the dark web.
Meanwhile, Monash Health was also named as one of the organisations whose data was affected in a ransomware attack targeting ZircoDATA in February.
In 2022, the Australian government passed legislation to amend the Critical Infrastructure Security Act 2018 to extend protection to the health and care sector, among other changes. The amendment means that hospitals and other organisations in this sector will be required to undertake enhanced cybersecurity obligations, including conducting preparedness exercises and vulnerability assessments, and developing cybersecurity incident response plans.
Earlier this year, the Australian Cyber and Infrastructure Security Centre issued advice to critical infrastructure sectors, proposing an obligation to develop and maintain a Critical Infrastructure Risk Management Program.
ON PROFILE
“The past two years [have] “Healthcare faces three vulnerabilities. Cybercriminals know that every Australian relies on these essential services – and they can’t afford to be offline for long. Healthcare providers tend to hold extremely sensitive data, and they often struggle to build and fund robust cyber defences. That’s why healthcare providers are one of the most common and damaging targets of cyberattacks. This is a pattern we see across the world,” Minister for Home Affairs and Cybersecurity Clare O’Neil said in a press release.
