Cybercriminals focusing attacks on healthcare organisations
Exposure management company Tenable has highlighted a concerning change in the tactics of cybercriminals, who are now focusing their attacks on targets that lack significant financial standing but can cause great harm if compromised: healthcare organisations.
"Cybercriminals have traditionally set their sights on high yield targets such as private businesses with high profit margins in the banking, financial and pharmaceutical sectors," says Scott McKinnel, ANZ Country Manager at Tenable.
"While these are not slowing down, we have witnessed that over the last two years, there has been increasing interest in high-value healthcare information because cybercriminals are aware that healthcare providers have historically postponed investment in their IT and OT systems as well as their IT teams," he says.
McKinnel says cyberattacks can have dire consequences – from financial losses to disruptions in critical medical services, compromised patient information and care.
"In a concerning turn, customers affected by recent high-profile attacks are now being notified that their data has surfaced on the dark web, underscoring the severity of the situation and highlighting the urgent need for enhanced cybersecurity measures," he says.
The latest OAIC report indicates companies must do more to protect consumer data, as cybercrime surged in the second half of 2022. According to the report, the number of data breaches reported in the latter half of the year increased by 26% compared to the first half of 2022, including several high-profile mega breaches. The report also revealed that the healthcare industry continues to be a main target, with 71 breaches reported between July and December 2022, representing 14% of all reported breaches over this period.
According to McKinnel, the government's recent proposal to mandate participation of critical infrastructure providers in national cyber exercises is a positive move.
"These exercises have been specifically created to enable organisations to refine their responses to actual security breaches, which in turn will enhance their ability to handle cyberattacks more efficiently," he says.
"By taking part in these exercises, institutions can identify gaps in their cybersecurity protocols and take proactive measures to address them, reducing the risk of a potential cyberattack."
McKinnel suggests prioritising cybersecurity by implementing robust security measures to protect sensitive data, conducting regular risk assessments to identify vulnerabilities in their systems, providing employee training on cybersecurity best practices and continuously monitoring systems for potential threats.
"Recent high-profile cyberattacks in Australia have underscored the urgent need for healthcare providers to bolster their cybersecurity defences and safeguard the privacy and well-being of their patients," he says.
McKinnel says the psychological impacts of cyberattacks on individuals and society as a whole cannot be overlooked.
"Healthcare institutions, in particular, are pillars of trust and security that people rely on during distress," he says.
"By taking proactive steps to safeguard against cyber threats, healthcare institutions can protect the wellbeing of communities and ensure the continuity of critical medical services."