Health sector a target for hackers in 2019
Crystal ball gazing is an art usually left to mediums and psychics who profit off the leveraged hope of the true believers, writes Michael Connory.
It’s the ability to sell a belief that makes what a medium has to say an interesting story, and yet there is something to be said about forecasting events with credibility and foresight when armed with the right information.
Being an oracle, becomes more convincing, when the story told is a message of intellectual rationality and indisputable fact.
Data breaches, cyber threats and attacks, have dominated media headlines throughout 2018 – a growing trend has emerged where the landscape is a weakened fortress. The walls of strength should have been buttressed with the right armoury. Our defensive guard is a shambolic state that continues to burgeon as a problem for Australians.
Australia is staring down a dark hole; should it fall in, it may never be able to scale the walls back to freedom, if it does nothing to address what has become a tipping point towards disaster.
As a country, we are in a crisis of security failings. This year, 2018, proved that corporate Australia refused to understand the importance of safeguarding our privacy, making 2019 the year where record privacy breaches will reach the zenith of its point and the courts and lawyers will become the casino and croupiers – Australian’s privacy is not a game of poker corporates believe they can gamble with.
Our health sector is the largest employer of Australians, employing more than 15.7 per cent of the workforce. This year, some 20 per cent of all known data breaches came from the Health sector – the biggest and most targeted of all sectors.
The attacks will grow to 23 per cent come 2019 where the contributing factors for growth will arise because:
- 65 per cent of all health employee’s will never have undergone Cyber Awareness Training – considering 70 per cent of all data breaches relate to human error
- 82 per cent of health organisations do not have a dedicated individual or group focusing on security
- 79 per cent of health organisations do not have a fully prepared and tested incident response plan in case of a cyber incident
- 91 per cent of health organisations have never reviewed security policies and practices of a third party they share data with
- Staff across the health sector, with an organisation longer than 18 months, have a 31 per cent chance of their credentials already compromised.
Playing the role of oracle sees Security in Depth’s research team predicting 2019 will be a year of high drama for the health sector as an increase in cyber risks will impact the sector directly where major attacks will come via:
- Improved Ransomware attacks
- Cyber criminals are now researching systems ahead of time, often through backdoor access, enabling them to encrypt their ransomware against the specific antivirus applications put in place to detect it.
- Healthcare systems are prime candidates for targeted attacks, since they handle sensitive data from large swaths of the population.
- Improved and targeted phishing attacks
- Improved business email compromise attacks
Attacks are likely to target individual devices as well as cloud-based systems where the primary objective will be to access user credentials.
No matter how much cybersecurity improves, the weak link in the armoury of defence remains the human factor. Strengthening the link requires an investment in training where corporate Australia must focus its strategic counsel.
Enormous volumes of data is shared across a variety of health professionals, then factor in the fact that most health organisations aren’t hospitals, then the recipe for major security issues escalate exponentially by Avogadro’s number.
When protected health information (PHI) is stolen, attackers are able to steal identities, gain access to medical information that are used to sell or obtain prescriptions to be traded or sold. In 2019, Australia will witness an increase in cyber extortion – where cyber criminals will use the health records of Australians to extort money directly from citizens.
The threat of cyber extortion looms as a real danger and requires the need for a strategy to deal with the problem to be an integrated play factored into the Australian Digital Health Strategy. The strategic digital health priorities lead to a potential cacophony of citizen complaints as:
- Every health care provider can communicate with their patients and other health care providers
- All prescribers and pharmacists have access to electronic prescribing and dispensing by 2022
- Maximum use is made of digital technology to improve accessibility, quality, safety, and efficiency of care
- All health care professionals can confidently and efficiently use digital health technologies
Which means that potentially over a million individuals may have access to Australian Citizens health records.
More times than not, answers to the problems we seek are in sight of all we can see, and yet, we can be blinded by the complexities of desire for answers to a solution in all the wrong places.
If we are able to grasp that no national data exists that allows for a detailed understanding of the use and outcomes from the vast range of digital health applications available, it will only be then that we can work to resolve a solution to a problem that is thundering towards ‘a station’ of no return.
Michael Connory is CEO and Founder of Security In Depth.