Digital transformation continues to improve many aspects of our daily lives, including health care outcomes. However, as digital transformation and reliance continue for both organisations and individuals globally, the market of opportunity for cybercriminals increases. Cybercriminals have seen the healthcare industry as a lucrative target because of the nature of our work. Malware and ransomware are some of the main sources of cyber security risk in healthcare. This has become increasingly evident through the proliferation of notable cyber attacks in Australia.
In October of 2022, we saw a cyber attack, specifically a ransomware attack on a private health insurance provider, which resulted in the largest breach of personally identifiable information (PII) and sensitive health information in Australia to date. The privacy of 9.7 million individuals was compromised and sensitive medical information, including treatment for HIV, drug and alcohol addiction, and mental health treatment, was posted on the dark web by cybercriminals.
When an individual’s medical history is stolen, the ramifications go beyond financial loss and breach of privacy – this data can be used to proliferate insurance scams and can make the victim’s access to necessary treatment difficult. In some situations, the effects can be life-threatening, as critical infrastructure may not be accessible, leading to delays or disruptions in patient treatment. This highlights that cyber resilience across our people, processes and technology is more important than ever.
What is cyber resilience? Cyber resilience is your organisation’s posture or ability to defend, adapt, respond and recover from cyber threats and cyber incidents while maintaining continuous business operations. In a healthcare context, this is ensuring that you have the knowledge and capabilities in place to continue to provide quality health care and protect patients despite a potential lack of information system availability and integrity due to a cyber attack.
Cyber adversaries aim to halt critical operations, steal data, and gain financially by exploiting any vulnerabilities that may exist due to digital and technological transformation or an internal lack of security knowledge. The following are some essential actions to get you started and uplift your cyber resilience today:
Looking ahead, we understand that enabling cyber security in healthcare is achieved by maintaining the availability and interoperability of critical digital health applications, systems and services, while simultaneously protecting the confidentiality of sensitive and personal medical records.
At the Australian Digital Health Agency (the Agency), our Cyber Security Strategy 2022-2025 supports the advancement of our cyber capability in response to the changing cyber environment and supports the delivery of the National Digital Health Strategy and Framework for Action.
We have four guiding principles that are applied to shape how the Agency will work, think and behave towards security. The principles are:
In practice, we see these principles applied to establish and maintain the security of the My Health Record system through a range of technical and non-technical security controls, including legislation, policies, procedures, network and application protections and security monitoring. There are also several security features and controls, such as privacy restrictions and access control logging and monitoring, which are designed to enable healthcare recipients, carers, and authorised personnel to monitor and control access to their records.
While the delivery of the Cyber Security Strategy is led by the Agency, we cannot do it alone. Cyber security is everyone’s responsibility. It requires us all, both healthcare providers and consumers, to think securely. Whether we are at home or at work, we must ensure we are doing our best to protect the information, services and data in our care every day.
This module explores security measures and legislation supporting the My Health Record system and how your organisation’s policy governs the use of the system. Access the free eLearning module on the Australian Digital Health Agency Online Learning Portal.
This module provides an overview of My Health Record and describes how general practitioners (GPs) can use it within their practice. Access the free eLearning module on the Australian Digital Health Agency Online Learning Portal.
Watch the Agency’s free on-demand webinars to learn more about using My Health Record in your health service, including how to easily find the right document. Once you register, you can watch these short, pre-recorded sessions straight away. You will also receive a link so you can watch the session at a time and date that suits you. Find the full list of on-demand webinars on the Australian Digital Health Agency website.