Health systems struggle to keep up with hackers
Training programs and tighter regulations could be the answer for Australian and other health systems struggling to keep ahead of cyber attackers, according to research from UNSW.
The research found that health systems internationally are finding it difficult to keep up with the growing use of cyber technology by nefarious actors.
Hospitals are still often running outdated, legacy operating systems that can be easily exploited by hackers.
The ongoing digitalisation of nearly all systems, such as radiology, pathology and patient records, is also posing a challenge because corresponding cybersecurity requirements have not been evolving as quickly.
The report found that while interconnected digital systems such as My Health Record can be life-saving tools, when inadequately secured they can also put lives at risk. Well-aimed ransomware attacks, for example, could cripple hospital functioning.
“Digital health records can also be used for precision harm against individuals,” added research co-leader Professor Raina MacIntyre of the UNSW Kirby Institute.
“It has been shown, for example, that CT scans can be hacked and altered so that evidence of cancer can be removed or added — imagine the harm that could cause if an individual were targeted in this way.”
The research also found that attacks on hospitals and public health data increase during times when health services are particularly busy and overstretched.
But there are currently no cybersecurity training programs stipulated by health management accrediting bodies in Australia, noted Dr Elena Sitnikova of UNSW Canberra Cyber.
“Those in the healthcare profession may be inadequately equipped to manage cybersecurity threats or breaches. Cybersecurity is everybody’s business — from health administrators in the reception area to surgeons in the operating theatre,” she said.
“A culture of cybersecurity maturity must be proactively developed within healthcare systems to help mitigate cyber threats.”
Another solution could involve introducing more stringent regulations, with Sitnikova using the example of the US Health Insurance Portability and Accountability Act (HIPAA).
This legislation mandates encryption, reporting of breaches, education and risk assessment for the healthcare sector.
“We need to follow best practices which already exist and customise them to our own needs in Australia. Even with the HIPAA, the US still faces cyber attacks on hospitals — so we are even more vulnerable,” Sitnikova said.
“There is an expectation of the public that their medical records are safe.”