This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment within the health sector over a twelve-month period (1 January to 31 December 2020).
Executive Summary
COVID-19 has fundamentally changed the cyber threat landscape for the health sector, with malicious actors increasingly targeting and compromising health networks, which are already under pressure in a pandemic operating environment. Malicious actors are primarily financially motivated and may seek to gain access to valuable data stores, use the branding from high-profile victims and incidents to bolster the legitimacy of the targeting activity, and/or cause disruption to business operations and continuity through methods such as ransomware. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) assesses that ransomware is currently the most significant cybercrime threat to the Australian health sector.
During the reporting period, the ASD’s ACSC received 166 cyber security incident reports relating to the health sector. This is an increase from the 90 reported incidents affecting the health sector during the 2019 calendar year and likely a result of increased targeting of the health sector due to COVID-19. Incidents reported by the health sector are primarily from health care providers, as well as customers falling victim to health-related scams or data breaches.
Rates of health sector incidents in this reporting period are trending down towards pre‑COVID‑19 levels; however, we expect cyber incidents will fluctuate. Globally, COVID-19 themed scams occurred during the height of the pandemic last year, and will potentially increase throughout the vaccine’s research, manufacture, distribution and administration phases. While the ASD’s ACSC has not yet observed this activity in Australia, international reporting suggests cybercriminals are attempting to scam the public in other countries by taking advantage of the COVID-19 vaccine rollout, and targeting companies involved in the vaccine supply chains. As such, the ASD’s ACSC advises that organisations maintain a heightened state of awareness as malicious actors search for new vulnerabilities or seek to exploit existing ones.
The ASD’s ACSC offers ongoing support to the health sector through incident management services and the ASD’s ACSC Partnerships Program to ensure the health sector is protected and resilient to malicious cyber activity. If you are a health sector organisation, the ACSC encourages you to join the Partnerships Program by emailing asd.assist@defence.gov.au.