CYBER SECUIRTY
Turning cyber health scare into digital trust
T
he right arm up in a black splint. In pain. The left arm
By Guillaume Noé, Cyber Security Lead, Avanade Australia
10 | Cyber Risk Leaders Magazine
holding X-rays, an MRI report and other documents. My wife waited outside the hospital with the help of a medical staff. She had her second surgery within the span of six weeks following an accident. Three thoughts came to mind as I approached the hospital pick-up zone: I feel grateful. The surgery went according to plan. I couldn’t visit due to COVID-19 restrictions, but the nurse I spoke with the night before provided a good report. The surgeon is reputed to be the best in his field, and I truly appreciate the quality of care and the dedication of medical staff in Australia. Why is my wife holding so many documents? Surely there is a way to process all of these health data in a digitised form in 2021, and to do so securely. Five months ago, a ransom gang claimed responsibility for a cyber-attack against a healthcare provider in our city. Operations were impacted. The incident five months ago was unfortunately not the first. Healthcare service providers are increasingly an enticing target for cyber criminals looking for financial gains. The rise of cyber-attacks in the health industry is global. Cédric Hamelin, CISO of the Rouen University Hospital Centre (CHU) in France, shared his experience with the French National Cyber Security Agency, which was
recently published in a recent ransomware report: “On 15th November 2019, on the eve of the weekend, an emergency services intern reported a problem with access privileges to a business application. Shortly afterwards, the internal IT services noticed that a large number of the CHU’s workstations and servers were encrypted. The diagnosis came very quickly: it was ransomware.” Hospitals can be hurt and need specialist skills to protect their operations and patients’ data.
What makes healthcare such an attractive target? Attacks in the health industry are increasing, as reported by the Australian Cyber Security Centre (ACSC) in their 2020 Health Sector Snapshot. The ACSC identified the industry to be the subject of the highest number of reported cyber incidents outside of government and individuals. The ACSC also suggested the healthcare industry provides a very attractive target for cyber criminals because of: • its highly sensitive personal data holdings; • its valuable intellectual property on technology and research; • the criticality of services it delivers; • the pressure to maintain and, if disrupted, rapidly restore business continuity; • public trust in health sector organisations,