This article is part of a series of articles about Telstra Health’s Layered Approach to Cyber Security. You can access practical guidance on implementing a Layered Approach to Cyber Security at the People layer here, the Process layer here and the Technology layer here.

An increasing number of cyber incidents against health organisations have cast a spotlight on the role cyber security plays in healthcare. Understanding the risks of delivering digitally enabled care and protecting health information has never been more crucial for healthcare organisations. In this article, we suggest that a layered approach is a practical way to increase your healthcare organisation’s cyber security maturity and defend against increasingly complex cyber threats.

 

Why Cyber Security should be a Top Priority for Healthcare Organisations 

Australian healthcare organisations are increasingly being targeted by cyber criminals, with data breaches occurring because of human error, system failure and malicious attack. Statistics reported by various Australian cyber security organisations all convey the same message: healthcare organisations need to do more to defend against evolving cyber threats.1,2,3 

Figure 1: Indications of the Australian healthcare industry as a lucrative target for cyber criminals

So why healthcare organisations? There is a high level of intrinsic and extrinsic value associated with healthcare data. Stolen healthcare data is typically worth more than records from other industries because of the high value associated with personal information. An attacker can use this data to access private health care benefits, steal and utilise credit card details, sell the data on the black market to other cyber criminals and/or use it to extort patients. The healthcare sector also plays an important role in Australian society, so some hostile actors may try to cripple these critical services to create social havoc.

Healthcare organisations often have a low level of cybersecurity maturity, making them vulnerable to attacks. The use of legacy and/or unsupported systems with outdated security controls continues to prevail. A limited security culture and cyber awareness across healthcare organisations can lead to data breaches caused by human error. Also, access to health information systems can be challenging for clinicians, as they must manage a variety of credentials, adding to the complexity of maintaining rigorous cybersecurity controls.

Cyber security is often perceived as an IT problem that warrants an IT response. In this series of articles, we turn this common misconception on its head, and explain why cyber security is an organisational concern which requires an organisational response.

What are the Risks of Complacency?

As new and disruptive technologies become more prevalent, the volume and complexity of cyber threats are expected to escalate. An increasing demand for information sharing and interconnectivity introduces additional attack types.

For example, the increasing interconnectedness between end user devices with Bring Your Own Device (BYOD) solutions and Medical Internet of Things (IoT) has contributed to endpoint complexity, which has introduced vulnerabilities that cyber criminals can exploit. Maintaining a ‘wait and see’ approach is no longer feasible in defending against evolving cyber threats.

The impacts of a cyber incident or data breach on a healthcare organisation can be crippling. This is illustrated below in Figure 2.

Figure 2: The impacts on a healthcare organisation can be detrimental and far reaching

Recognising a Cyber Threat when you see one

Cyber criminals are highly organised and can take advantage of a rapidly changing digital health landscape. Attack tactics can be layered, aiming to exploit vulnerabilities within healthcare organisations. The following tables outline the common sources of threats and types of attacks that impact the healthcare industry.1


Adopting a Layered Approach to Cyber Security in Healthcare 

Cyber criminals can use multi-layered and highly sophisticated attack tactics to target vulnerabilities in healthcare organisations. In response, healthcare organisations should apply multiple layers of defence by leveraging a well-equipped framework. This involves being proactive with cyber security, and applying controls for cyber threat identification, prevention, detection, response and recovery dimensions, across the People, Process and Technology layers. 

In this series of articles, we will explain Telstra Health’s Layered Approach to Cyber Security in depth and provide you with practical advice on what you can do to uplift your cyber security maturity across the People, Process and Technology layers.

Figure 3: Telstra Health’s Layered Approach to Cyber Security is a holistic framework, encompassing People, Process and Technology

 


This blog article is informational in nature and is not intended to be a substitute for professional advice.


References

1. Office of the Australian Information Commissioner, 2021, ‘Notifiable data breaches statistics’, available from: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/.

2. Australian Cyber Security Centre, 2020, ‘Ransomware in Australia’, available from: https://www.cyber.gov.au/sites/default/files/2020-10/Ransomware%20in%20Australia%20%28October%202020%29.pdf.

3. Health Informatics Society of Australia, 2018, ‘Cybersecurity across the Australian Healthcare Sector’, available from: https://www.hisa.org.au/wp-content/uploads/2018/07/HISA-Healthcare-Cybersecurity-Report_June-2018.pdf.

4. Verizon, 2020, ‘Data Breach Investigation Report’, available from: https://enterprise.verizon.com/en-au/resources/reports/dbir/.

5. Australian Cyber Security Centre, 2020, ‘2020 Health Sector Snapshot’, available from: https://www.cyber.gov.au/acsc/view-all-content/reportsand-statistics/2020-health-sector-snapshot.
