OAIC: Healthcare providers prime targets for cyber criminals

The Office of the Australian Information Commissioner (OAIC) has revealed that healthcare service providers are currently the most targeted industry by cyber criminals, according to the latest Notifiable Data Breaches report.

This finding comes amid a call for urgent action from both government and healthcare providers by Australian cybersecurity firm, AUCyber.

The OAIC report indicates a troubling increase in the number of data breach notifications. From January to June 2024, the OAIC received 527 data breach notifications, marking a 9% increase compared to the previous six months. This is the highest number since the latter half of 2020. Of these breaches, cyber security incidents accounted for 38% of total notifications, highlighting the growing vulnerability in the country's digital landscape.

The most significant breach reported impacted over 10 million Australians, marking it as the largest breach recorded under the Notifiable Data Breaches (NDB) scheme. This incident underscores the critical need for improved data protection measures, particularly within the healthcare sector, which holds highly sensitive personal information.

Research conducted by AUCyber, entitled the 2024 Cyber Security Healthcare Report, reveals that 82% of Australians harbour considerable concern about the safety of their personal health records. This study, based on a survey of over 1,000 Australian voters and conducted by YouGov, suggests that the public largely holds the federal government and healthcare institutions responsible for safeguarding healthcare data.

Peter Maloney, CEO of AUCyber, elaborated on public sentiment, stating, "Our research shows that 71% of Australians believe safeguarding healthcare data is primarily the responsibility of the federal government and healthcare institutions. The stakes are high, and it is crucial for these entities to act decisively to protect personal information."

High-profile incidents have heightened public awareness as well as concern. Notable breaches include an incident involving Monash Health through ZircoDATA and a separate incident concerning the illicit sale of MediSecure's e-script data. These breaches have emphasised the urgency of addressing cybersecurity vulnerabilities within the healthcare sector.

AUCyber's findings call for a comprehensive approach to strengthening security measures across all sectors, particularly in healthcare. "Healthcare providers must bolster their defences and adopt comprehensive measures to safeguard against cyber threats," Maloney emphasised. "Protecting sensitive health information is not just a regulatory obligation but a crucial element of maintaining public trust."

The pressing need for improved cybersecurity in healthcare is also a focal point of the 2024 Cyber Security Healthcare Data Report. The report is available for public access, providing insights and recommendations aimed at fortifying defences against potential cyber threats.

With healthcare service providers now identified as a prime target for cyber criminals, the findings from both the OAIC and AUCyber stress the immediate need for enhanced cybersecurity protocols. The potential risk to Australians' personal health information remains a significant concern that requires prompt and decisive action from both governmental bodies and healthcare institutions. This dual approach is deemed essential to mitigate risks and uphold public trust in the healthcare system.