Healthcare institutions globally are witnessing an unprecedented increase in cyberattacks. The healthcare and social assistance sector is the third most targeted sector in Australia for cybersecurity incidents, trailing only behind government sectors [1]. This alarming trend is highlighted by the cyber incidents that healthcare facilities face, which compromise sensitive patient data and threaten the operational continuity critical for patient care.

Recent incidents exemplify the risks, including an attack on the Crown Princess Mary Cancer Centre in Sydney by the Medusa group, where thousands of files were stolen and held for a $100,000 ransom [2]. A separate incident saw St Vincent’s Health Australia, the country’s largest not-for-profit operator of aged care homes and hospitals, targeted by a cyberattack [3]. This breach left the organisation and its patients facing uncertainty regarding the extent of stolen personal information. Specific details about the stolen data remained unclear, though the organisation immediately notified the government and disclosed the incident to the public.

Cyber Security is more than a band-aid fix

Personal information held by healthcare practices, alongside valuable intellectual property, puts the healthcare sector at significant risk. Individual patient records often fetch up to $1,000 each on the dark web, so it’s no surprise that healthcare practices are attractive targets for cybercriminals [4]. Unfortunately, practices often have low levels of cybersecurity and may confuse data loss with data theft.

Here are seven key steps to improve your healthcare cybersecurity:

1. Identify network devices

Healthcare providers connect new devices to their networks daily, often without formal approval. These devices, crucial for patient care, increase cybersecurity risks. Actively identifying all assets on the network lets healthcare providers fully understand their cybersecurity attack surface and pinpoint potential security vulnerabilities. For example, through active monitoring, they can detect unauthorised devices such as unapproved wearable health monitors, leading to their swift removal and enhancing network security. The practice of device inventory management in healthcare is crucial for recognising and prioritising vulnerabilities, empowering organisations to take pre-emptive action towards risk mitigation.

2. Assess cybersecurity posture

After achieving network visibility, healthcare providers must next assess their clinical environment’s cybersecurity posture. By undertaking a comprehensive, organisation-wide assessment, they gain insights into their current security measures and identify potential risks or exposure points to cyberattacks. Involving security professionals, biomedical staff, and clinical engineering teams ensures a thorough evaluation that covers both traditional and connected care workflows. For instance, assessing the security of an electronic health record (EHR) system can reveal vulnerabilities, prioritising healthcare across all teams.

3. Implement access controls

The internet connectivity of healthcare providers exposes them to potential security breaches. Factors such as employees sharing passwords and the use of outdated systems heighten their vulnerability. Implementing stringent access controls, including role-based access, becomes imperative. For example, role-based access ensures that only clinical staff involved in patient care can view medical records, while administrative staff may access patient contact details but not their healthcare information.

4. Segment network devices

The continual addition of diverse devices into healthcare environments necessitates effective device segmentation. Once healthcare providers locate and document these devices, establishing and enforcing network policies ensures proper device communication. Accurately documenting device details lets them determine baseline behaviours and enhance security measures without disrupting patient care. For instance, segregating patient monitoring devices from the general network can prevent potential cyberattacks from spreading throughout the network.

5. Threat detection and response

No healthcare environment is safe from threats, making it vital to swiftly identify and respond to suspicious device communications. A successful strategy involves understanding the intended functions of devices and their operational workflows. Knowing a device’s exact location and status, for example, detecting an irregular communication pattern from an infusion pump, lets the security team quickly address threats.

6. Manage vulnerabilities and risks

Reliance on Internet of Medical Things (IoMT) devices carries inherent risks, mainly from software vulnerabilities. The challenge of incomplete device information and the disruptive nature of active scans in healthcare settings needs a clear visibility strategy for device operations. Understanding what devices are present and their activities helps organisations assess risks and prioritise fixes. Streamlining the vulnerability and risk management process, such as identifying outdated software on imaging equipment and prioritising updates, minimises exposure to cyber threats.

7. Continually optimise strategy

The digital transformation and the growth of the extended Internet of Things (XIoT) mean that threats to healthcare environments are constantly evolving. Continuous strategy optimisation ensures the security and integrity of connected devices. By regularly enhancing cybersecurity and operational resilience, organisations can better prepare for, respond to, and recover from the dynamic threat landscape. For example, adopting the latest encryption technologies for device communication can protect against emerging cybersecurity threats.

Connect to your environment with confidence

By implementing these best cybersecurity practices, you can advance your healthcare initiatives more efficiently to achieve improved operational performance and outcomes for your patients.

Our team can help your healthcare organisation create a solid foundation for protection against cyber threats, contact us today on 1300 147 000 or sales@wavelink.com.au.

[1] https://www.cyber.gov.au/about-us/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022

[2] https://ia.acs.org.au/article/2023/sydney-cancer-treatment-centre-caught-in-cyber-attack.html

[3] https://www.svha.org.au/news/latest/media-statement-cyber-incident-update

[4] https://www1.racgp.org.au/newsgp/professional/are-you-one-cyber-breach-away-from-insolvency