The Glaring Issue About Australian Health Sector’s Lack of Readiness to Cyber Attacks
There is a growing public concern of the healthcare sector readiness when it comes to cybersecurity attacks, in the wake of the 2017 WannaCry ransomware that net the virus makers an estimated $4 billion in revenue from ransom payments. AustCyber, a premier cybersecurity consulting firm through its CEO, Michelle Price has underscored Australia’s risks for ransomware and inadequate cybersecurity defense strategy of Australian firms to address the risks.
“Today, every single business and entity in Australia is digital, meaning every single entity is subject to malicious cyber attacks. This is why, if we’re not growing companies in Australia that have enterprise-grade cyber security and are cyber resilient in every way, we will not be a global actor in the economy in the next 10 years. We’re seeing economic value being wiped from our economy as a result of malicious actors treating the Australian economy like their playpen before they move on to other destinations. We are the number one destination for ransomware in the world, per capita,” explained Price in the recently concluded MedTech18 Conference, an annual event that discuss technology and cybersecurity for the Medical and Healthcare sectors.
The major limitations of the healthcare industry’s IT infrastructure compared to other sectors are the slow adoption of more resilient devices. The use of outdated computers with outdated software, while those same devices connect to the public internet while lacking a reliable backup system in place was the ingredients for the recipe for disaster, which peaked last year with the devastation the world has absorbed due to ransomware.
“The approach to cyber resilience should be security by design. Thinking about the process from the start builds the approach into our muscle memory. Then, the true outcome from it becomes trust in our organisations, the devices that we’re producing, and our ability to manage the health and well being of our societies. Your digital footprint is also your supply chain. We’re getting good at the data bit, but we aren’t yet thinking about the security of that data – what’s going to happen to that data beyond privacy? We need to think about how those two things relate,” Price added.
Australia’s public healthcare system should be improved in the area of technological security resiliency, and this will require strong consideration by the country’s lawmakers. Preparation cannot be done overnight, but by careful understanding of all stakeholders, especially the decision-makers in order to arrive at a cost-effective yet reasonable level of cybersecurity defense.
“How far prepared are you? It’s no longer a case of if a threat happens but when. It may have happened already, you may have not found it yet. There are a number of controls to work around with – detective controls, protective controls, corrective controls. But we got to remember is that prevention is better than cure. So, we need to have a proper cyber plan in place. The problem is, there’s far too much data out there for any one human to be able to grasp themselves. Humans are smarter, but machines are faster. Implementing AI or cognitive computing could mean 50 times faster threat investigations and 10 times more actionable threat indicators. As for machine learning and intelligent orchestration, it is aimed at helping enterprises respond to breaches more quickly and effectively. Then the blockchain element helps you build a digital identity ecosystem across multiple industries,” explained Stephen Burmester, IBM’s Industry Security Leader for Australia.