Limited functionality available
In early August, the Federal Government released its 2020 Australian Cyber Security Strategy. This not only focused attention on the need for greater security around personal information, but redefined what industries were classified as critical to the national interest.
In previous years, this was reserved for sectors such as utilities and telecommunications providers. However, in the wake of the COVID-19 pandemic, Australia has been forced to reconsider what industries are truly integral to society. Healthcare data has emerged as a vitally important commodity and is now seen as key to our national security.
This is no surprise given the multiple warnings from the Australian Cyber Security Centre (ACSC) on cyber attacks targeting healthcare and aged care. With the increasing digitisation of the healthcare system and the amount of sensitive personal information held by these organisations, “a significant ransomware attack against a hospital or aged care facility would have a major impact”.
Cyber criminals and nation states are realising that healthcare organisations are sources of valuable data that pose a very real threat to the safe functioning of societies and governments. To address this risk, Australia must better embed cyber security at the heart of public and private health information systems.
Transformation brings vulnerability
Healthcare organisations are digitising processes, functions and data as they uncover the benefits of clinical transformation – but this is leaving them open to nefarious cyber activity. The more digital interfaces created by electronic health systems, the greater the cyber ‘attack surface’.
Undertaking a new healthcare project or initiative requires changes across processes, job roles, organisational structure and technology. While the focus is often on safe clinical care, there is less recognition that access to patient data and ensuring it’s handled safely is a key part of this. Embedding ‘security-by-design’ into the foundations of a clinical digital transformation project is paramount.
Why? Because healthcare data contains our most confidential information and is attractive to a criminal organisation or foreign adversary.
How healthy is that population? What are some of the healthcare trends? Could this information be used to exploit or cause embarrassment?
A focus on health security
With the 2020 Cyber Security Strategy recognising healthcare systems as a matter of national importance, the provision of IT security must also be elevated. Hospitals and healthcare providers can no longer underinvest and underperform when it comes to cyber security.
From bedside care to data warehouses and smart devices, the flow of patient data must be secured at each step along the way. IT providers and integrators need to ensure systems don’t introduce vulnerabilities or weaknesses that are open to exploitation.
The health sector has often been seen as a laggard when it comes to cyber security, falling far behind sectors such as financial services, and energy and resources. But now is the time for healthcare providers to rise to the challenge. Security must be a core and critical work-stream for any electronic medical or healthcare program. Without data security at the heart of healthcare systems, patients will lose confidence in the ability of organisations to deliver good health outcomes.
Addressing this means embedding a safety focus in digital health technology initiatives such as electronic health records. In determining the outcomes of these projects, security must be a key metric for consideration. It also includes educating and training healthcare practitioners on the tell-tale signs of potential cyber attacks.
Today more than ever, the privacy and security of patient information is critical for the successful operation of a world-class healthcare system. As the turbulent times we live in elevate the importance of healthcare data, it’s abundantly clear our protection of it must increase too.
For more on the importance of cyber security, read Deloitte’s submission to the 2020 Cyber Security Strategy
Ben is a Director in Deloitte’s Cyber Security practice. His expertise is in Cyber Security with Human Factor and Insider Threat strategy. Ben has experience in large scale project and portfolio management, the delivery of operational information technology, data and security services. Ben has worked in cyber security for nearly 20 years and has a background in secure Government information security. He is the lead Health Care Director for Deloitte Australia’s Cyber Risk Advisory practice.