Preventing high-tech contagion in the Australian healthcare industry

Published on April 14, 2020

Which industry is Australia’s worst offender when it comes to data breaches and cybersecurity threats? If you answered healthcare then congratulations, you’re on the money.

Health service providers were responsible for 54 of the 262 notifiable data breaches reported in the last quarter of 2018, according to the Office of the Australian Information Commissioner (OAIC), Australia’s privacy watchdog. The story was similar in the second and third quarters of 2018, with healthcare providers accounting for 49 of 242 documented breaches and 45 of 245 documented breaches, respectively.

These are unsettling statistics, particularly given public concern about patient privacy in the era of My Health Record, the controversial Australian electronic health record rolled out nationwide in 2018. The system appears ripe for large-scale data breaches, given the number of parties that have electronic access to a rich seam of personal and medical information.

A healthy disregard for cybersecurity infections?

Despite the healthcare sector’s well-documented standing as the sick man of the cybersecurity sphere, research suggests it continues to take a cavalier approach to the business of protecting core business systems and sensitive data.

A recent Frost & Sullivan study found that 49 percent of healthcare organizations in the Asia-Pacific Region either wait to take cybersecurity into account after they’ve begun digital transformation initiatives or don’t factor cybersecurity into their security strategies at all. Many took a ‘bolt on’ rather than a strategic approach to cybersecurity. 

That approach is surprising, seeing as the patient information that healthcare providers typically have is worth more to cybercriminals than almost any other form of personal data.

As Forbes.com points out, fraudulently obtained electronic health records (EHRs) can be worth thousands of dollars on the black market.

Used in combination with other personal data, medical records can provide the detailed and reliable personal information necessary to commit identity theft and obtain products and services by deception.

Unfortunately, the threat to patient privacy often comes not from hackers and cybercriminals outside the organisation but from within. The 2018 Verizon Data Breach Investigations Report found an astonishing 56 per cent of cyberattacks in the healthcare sector were inside jobs, with financial gain being the most common motivation.

Diagnosis and treatment

Stringent security isn’t implemented by accident. When enterprises place a high value on systems and data security, they devote considerable resources to understanding their vulnerabilities, the threats they face, and the means by which these can be mitigated.

Conducting a comprehensive security audit of systems and processes is a good starting point.

Many healthcare organisations lack the expertise to carry out this exercise and will find it helpful to work with external consultants with the skills to augment existing security arrangements.

Cybersecurity auditors don’t just look at software solutions. They also give processes and practices a comprehensive examination. Encouraging employees to use secure channels of communication, for example, will reduce the likelihood of data being lost or compromised in transit.

It’s also essential to monitor where data is stored, whether on internal servers or offsite with a cloud-based service provider, and to ensure it is secured in each location.

While education and training won’t prevent rogue staff from attempting to steal patient data, they can reduce the likelihood of their honest colleagues instigating an accidental data breach.

Regular awareness training helps employees understand the dangers of phishing, malware, and physical loss of data, such as a misplaced USB drive, lost laptop, or unprotected smartphone. Such training will also keep employees current on the practices they can implement to ensure the organisation does not become a statistic.

Ensuring patient data is in safe hands

The compromise of sensitive patient data can cost healthcare providers dearly – both financially and in reputational damage. Adopting comprehensive protection strategies, including stringent cybersecurity measures and regular staff training, will do much to boost the immunity of the healthcare sector.
