Healthcare data breaches that have bamboozled cybersecurity managers
Did you know that the healthcare industry remains the biggest reporter of data breaches in Australia?
If this is unnerving, it’s because it shows how at risk our confidential healthcare information is.
In a previous post, we discussed how healthcare cybersecurity breaches were the highest reported breaches in the country during the pandemic last year. Healthcare data breaches are also among those most often caused by internal factors, like employee error, rather than by external factors.
This trend was confirmed by reports that demonstrated that phishing and ransomware attacks were the most common types of cyberattacks the healthcare industry faced in 2020.
This, however, is not the only reason why breaches occur at such an alarming rate. Contributing factors include the increased uptake of technology and the stringent legal requirements imposed on the healthcare industry.
Regardless of the root cause, data breaches in the healthcare industry have a significant business, financial, social, and reputational impact. This much is obvious.
In this post, we look at two of the biggest data breaches the healthcare industry has faced in the recent past and dive deep into what you can do to improve healthcare cybersecurity in your facility.
Major healthcare data breaches in Australia
Medicare data breach
In June 2017, Medicare card numbers were compromised, leading the Australian Federal Police to launch an investigation to capture the perpetrators.
Information surfaced about an individual who had purchased Medicare details from the Dark Web for $20. It was later revealed that the seller had already profited from around 75 other Medicare card details.
It is believed that the hack originated from stolen login details from the Department of Human Services’ Health Professional Online Services.
Family Planning NSW data breach
In May 2018, the sexual health and reproductive service’s network was breached by hackers. The target was Family Planning NSW’s booking system, home to information on around 8,000 patients. Using ransomware, hackers demanded a ransom in exchange for the stolen data.
Authorities were concerned that the women who were seeking their services could be in abusive relationships, from conservative families, or coming for help without their partners’ knowledge. If the data were ever made public, these women could find themselves in precarious situations.
The institution refused to pay the ransom, however, and there has been no evidence that the hackers published this data. It’s important to remember, here, that not all data breaches end this way.
Data as sensitive as healthcare data can only remain secure if medical staff are proactive in safeguarding it. Here, it’s important that leaders rally around information security as a corporate value.
A great first step is to document the organisation-wide commitment to security.
Protect mobile devices
While mobile devices are used to increase patient satisfaction and staff productivity, these devices may raise issues around data encryption and HIPAA compliance.
Implement a mobile device management system for administration and compliance. Select one that ensures secure file-sharing and supports authentication.
Establish a SOC
A Security Operations Centre or SOC is a solution that provides 24x7x365 security monitoring and threat detection. Instead of launching an in-house team, it’s generally more effective and cost-efficient when this function is outsourced to security experts.
With it, you can stay updated on the vulnerabilities in your networks and ensure ongoing security.
Periodic staff training
Everyone associated with healthcare systems needs to undergo periodic security awareness training. It’s important that they are made aware of phishing and ransomware attacks and understand how to detect and report suspicious behaviour.
Ensure ongoing cybersecurity to stay on top of potential healthcare data breaches
Healthcare data breaches have only continued to grow in frequency in the recent past. The highly sensitive and confidential information that is at risk of being compromised makes healthcare one of the industries most likely to be targeted. Statistics show this to be true.
If you are unsure of how to strengthen your cybersecurity protocols, leverage the support of security professionals. Reach out to Triskele Labs to learn more about what your cybersecurity strategy may be missing.