Cybersecurity breaches in the healthcare industry can have irreversible consequences, disrupting patient care and compromising sensitive medical information, leading to a decline in patient confidence.
Recent high-profile attacks in Australia’s healthcare system highlight these risks. Just over a year ago, St Vincent’s experienced a data deletion incident that resulted in 4.3 GB of data being stolen, while MediSecure suffered a ransomware attack that affected 12.9 million Australians, exposing their personal and prescription information.
This trend is not isolated to the healthcare sector. It is reflected in a Semperis study, which surveyed nearly 1,000 IT and security professionals across the US, UK, France, and Germany. The study found that 78% of organisations targeted by ransomware paid the ransom, with 72% paying multiple times and 33% paying four or more times. Furthermore, another study found that 69% of organisations based in Australia and New Zealand are attacked on holidays and weekends, when employee distraction is high. Despite this, 78% of surveyed companies admit to reducing security staffing by as much as 50% during these periods, leaving them vulnerable to cyber threats.
These incidents and statistics highlight the escalating frequency and financial impact of cyber attacks, emphasising the urgent need for stronger cybersecurity measures, particularly in high-risk sectors like healthcare.
In response, the Australian government has committed A$6.4 million ($4.2 million) to improving cybersecurity in the healthcare sector. This funding will support the creation of a dedicated Information Sharing and Analysis Centre (ISAC), enabling collaboration and intelligence sharing to help protect Australia’s 1,400 hospitals and 6,500 general practitioner clinics from cyber threats.
Given the increasingly complex nature of cyber threats, healthcare organisations must strengthen their defences with a multi-layered approach that prioritises both prevention and resilience. At the most basic level, implementing a Zero Trust approach – where no user or device is automatically trusted – plays a critical role in safeguarding patient data and protecting critical systems. This is crucial in laying the foundation for staying ahead of the evolving cyber threat landscape, ensuring that all vulnerabilities are addressed, and that sensitive information remains secure.
The Case for Zero Trust
Advancements in cyber threats have made security management in healthcare increasingly complex. Australian healthcare providers must not only maintain compliance with regulations such as the Privacy Act 1988 (Cth) and the My Health Records Act 2012 but also defend against persistent cyber threats targeting their critical systems. Compounding this challenge is the prevalence of legacy medical devices that frequently contain security vulnerabilities, the high amount of staff turnover, and the reality that incoming staff replacements will have to be onboarded and trained for several weeks or months.
This reality has led many healthcare organisations to look toward Zero Trust architectures as a solution. Trust is a precious commodity in IT, too precious to grant blindly in an environment where many endpoints are unpatched and unmanaged. Many of these are personal and mobile devices that must share data to serve patients effectively. Yet, due to the prospect of phishing, ransomware, and other cyber attacks, it cannot simply be assumed that a device is safe just because it is behind the firewall. Each operation from each device needs to be assessed and appropriately authenticated and authorised.
When implemented properly, Zero Trust reduces the scope of compromise after a successful breach. It does this by requiring a distinct authorisation step for each time a user logs in, with additional authentication of the user and device as determined by the operation’s sensitivity and context. The challenge with Zero Trust is ensuring sufficient authorisation and authentication, while not destroying the application’s performance or usability and creating a barrier for staff to do their jobs effectively.
Renewed Focus on Securing Active Directory
For almost all enterprises, including Australian healthcare providers, the backbone of authentication and authorisation – whether through legacy or Zero Trust models – is still Active Directory (AD). Active Directory, a directory service created by Microsoft, which recently reached its 25-year milestone, organises and manages information related to networked resources such as user accounts, devices, and security policies. It regulates access to essential resources by authenticating and authorising users and devices within an organisation. AD also integrates with cloud-based identity services, making it a prime target for cybercriminals seeking to escalate privileges and spread ransomware across an organisation.
Securing Active Directory is critical to limiting the impact of ransomware and integrity-based attacks. The healthcare sector in particular has seen a rise in sophisticated cyber threats, with attackers exploiting misconfigurations in Active Directory and unpatched vulnerabilities to maintain persistence within networks. Australian healthcare organisations must take a proactive stance by continuously assessing their Active Directory configurations, monitoring changes in real-time, and ensuring rapid response mechanisms are in place.
If an attacker gains an initial presence in the network, it’s imperative that healthcare organisations have systems in place to detect malicious activity and reverse any changes to Active Directory that the attacker might make. For instance, attackers will often grant elevated privileges to compromised user accounts by modifying group memberships. Detecting these changes and automatically reverting them reduces an attacker’s ability to move laterally and compromise additional systems.
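The detect-and-revert loop described above, as an added illustration that is not Semperis or Microsoft code: it replays constructed Windows Security events for group membership changes (event IDs 4728/4732/4756 for additions and 4729/4733/4757 for removals are real; the pipe-delimited record format, group names, accounts and the approved-change list are constructed for the example) against a baseline snapshot of privileged groups and produces the reversal actions that would restore the baseline.

```python
"""Detect unauthorised privileged-group changes in AD and plan their reversal.

Illustrative example only (not vendor code). Event records are constructed
in the form "<event_id>|<group>|<member>|<actor>".
"""
from dataclasses import dataclass

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
ADD_EVENTS = {4728, 4732, 4756}      # member added to global/local/universal group
REMOVE_EVENTS = {4729, 4733, 4757}   # member removed from global/local/universal group

@dataclass(frozen=True)
class GroupEvent:
    event_id: int
    group: str
    member: str
    actor: str

def parse_event(line):
    """Parse one constructed event record; reject malformed lines loudly."""
    fields = line.strip().split("|")
    if len(fields) != 4:
        raise ValueError(f"malformed event record: {line!r}")
    return GroupEvent(int(fields[0]), fields[1], fields[2], fields[3])

def replay(baseline, lines):
    """Apply membership events to a {group: set(members)} snapshot; return the new state."""
    state = {g: set(m) for g, m in baseline.items()}
    for ev in map(parse_event, lines):
        if ev.event_id in ADD_EVENTS:
            state.setdefault(ev.group, set()).add(ev.member)
        elif ev.event_id in REMOVE_EVENTS:
            state.get(ev.group, set()).discard(ev.member)
    return state

def plan_rollback(baseline, current, approved):
    """Return (action, group, member) tuples restoring privileged groups to the
    baseline, skipping changes present in the approved change set."""
    actions = []
    for group in sorted(PRIVILEGED_GROUPS):
        before, after = baseline.get(group, set()), current.get(group, set())
        actions += [("remove", group, m) for m in sorted(after - before) if (group, m) not in approved]
        actions += [("add", group, m) for m in sorted(before - after) if (group, m) not in approved]
    return actions

def demo():
    """Constructed scenario: one unauthorised addition, one unauthorised removal,
    one approved addition and one change to a non-privileged group."""
    baseline = {"Domain Admins": {"CORP\\admin-ops", "CORP\\admin-retired"}, "Remote Desktop Users": set()}
    approved = {("Domain Admins", "CORP\\newadmin")}
    events = [
        "4728|Domain Admins|CORP\\svc-backup|CORP\\jdoe",       # unauthorised: should be reverted
        "4728|Domain Admins|CORP\\newadmin|CORP\\admin-ops",    # approved change: left alone
        "4732|Remote Desktop Users|CORP\\nurse07|CORP\\helpdesk",  # non-privileged group: ignored
        "4729|Domain Admins|CORP\\admin-retired|CORP\\jdoe",    # unauthorised removal: re-add
    ]
    return plan_rollback(baseline, replay(baseline, events), approved)
```

In a live deployment the returned actions would feed the directory's own membership management tooling and an alert, rather than being applied blindly.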
While 83% of surveyed organisations in Australia and New Zealand say they have an identity recovery plan in place, the same amount (83%) still experienced a successful ransomware attack within the past 12 months, highlighting a disconnect between planning and outcomes.
In the worst-case scenario – where an attacker fully compromises Active Directory – rapid recovery capabilities are essential. Healthcare organisations must have an automated recovery process in place to restore Active Directory to clean, malware-free servers, ensuring minimal downtime and protecting patient care and operational continuity. Having an automated and reliable recovery process enables healthcare providers to simply “say no” to ransomware, by not having to bend to the demands of ruthless cyber criminals who threaten to disrupt their operations.
To combat the growing cyber threats, Australian healthcare organisations must prioritise strong cybersecurity measures, including Zero Trust and securing their critical infrastructure including Active Directory. Strengthening cybersecurity ensures resilience against evolving threats, keeping sensitive information secure and accessible when healthcare providers need it most.

Lincoln Goldsmith is the Director of Enterprise Channels & Alliances, APAC at Semperis
