Does your ransomware protection need a health check?

Australia’s healthcare sector is consistently targeted by cybercriminals, having reported the highest number of data breaches of all Australian sectors over the last five years, according to the OAIC Notifiable Data Breaches Reports. The risk of ransomware specifically is increasing, with a recent analysis of a global sample of reported ransomware attacks showing that over one in five attacks (21%) targeted healthcare organisations in 2023/24, up from 18% the year prior.

In the last few years, there have been plenty of high-profile incidents reminding Australian healthcare organisations that it might be a good time to do a check-up on their cybersecurity posture. In one incident, a ransomware attack on an e-prescription platform exposed the personal and health information of millions of Australians, which was later offered for sale on a foreign hacking forum. Meanwhile, a cancer treatment facility in Sydney had thousands of files containing sensitive patient data stolen by a foreign ransomware group that held them for ransom. With the Federal Government’s SOCI Act of 2018 officially classifying Australia’s healthcare sector as critical infrastructure, there are greater responsibilities being placed on healthcare providers to protect patient data. 

Why healthcare makes for an attractive target 

There are several reasons why the healthcare sector is targeted by ransomware attacks. Some of the most prominent include the high sensitivity of medical records and the potential impact of any operational disruption on patient safety, which can make organisations more likely to pay the ransom.

Ransomware disruptions in hospitals can impact patient health and safety. Unlike other industries, hospitals cannot afford to have any downtime due to computers and systems being encrypted and disabled – this could lead to emergency surgeries being delayed, or critically ill patients being diverted to another facility. Unfortunately, cybercriminals know the conundrum facing healthcare organisations that do not have an adequate backup of their data: do they resist paying the ransom, lose access to their files and face the impacts of operational disruption, or do they give in and pay the ransom to hopefully restore their operations (even though there is no actual guarantee of regaining access)?

Further, exfiltrated medical records can fetch premium prices on the black market due to the amount of personally identifiable information they contain, making them a prime target for ransomware gangs who seek to sell them to the highest bidder. Sold medical records can then be used by other cybercriminals to commit identity fraud, victim extortion and more. 

Fortunately, there are some critical cybersecurity measures all healthcare organisations can implement to reduce their overall likelihood of suffering a ransomware attack (and reduce the level of damage if one does occur). 

Email Protection  

Email remains one of the most common entry points for ransomware. Whether it’s a deceptive URL or QR code that an employee mistakenly clicks on, or a more sophisticated spear phishing attack that employs advanced social engineering techniques to make the email content more believable, healthcare organisations are advised to implement adequate email protection to protect themselves. 

A good email protection solution designed to stop Business Email Compromise (BEC) attacks will not only protect you from external threats, but also from the impact of a malicious email successfully compromising a mailbox. In addition to investing in email security, organisations should conduct regular training to help staff identify malicious or suspicious emails in the first instance, and know who to report them to. 

Web Application Security 

The use of web applications in healthcare settings has grown over the last few years, such as those used for telehealth or remote monitoring services. While this increased connectivity and functionality has improved patient care in many ways, it has also exposed healthcare organisations to more cyber attacks. If a security vulnerability is present in, for example, a remote healthcare portal, customer service portal, exposed remote desktop or employee portal, cybercriminals can use this point of entry to spread malware, including ransomware, throughout the rest of the network.

Healthcare organisations can secure their web applications by adopting a Zero Trust Network Access model. This approach continuously verifies the identity of the user and the device they are logging in with, and ensures only authorised users get into the network. A good quality security solution will give you fine-grained access control so that each user is given only as much access privilege as they need to do their job, which will reduce the risk of ransomware spreading across the rest of your network.

Data Backup

All healthcare organisations need the resilience to cope with a ransomware attack. This includes preparing for recovery after a successful breach. One of the most critical defences an organisation can have is a secure, offline, immutable backup, which means that it cannot be accessed, altered or deleted by attackers. Without a high-quality backup, ransomware attacks can cripple a healthcare organisation’s ability to operate for weeks or even months.

The Takeaway

Ransomware targets every industry, but the stakes are inevitably higher in healthcare, where patient safety is at risk. Organisations should try to improve their resilience against these attacks by proactively implementing security measures across their entire network, starting by securing their email server, web applications and data backup as a priority.

Matt Caffrey is a Senior Solutions Architect at Barracuda Networks