Summary Report | April 2023
Cyber Intelligence Insights
Australia and New Zealand Healthcare Sector
TLP: WHITE
The CyberCX Intelligence Insights series presents focused, contextualised information intended to be read by senior decision makers. Prepared by the CyberCX Intelligence team, these reports present recent trends and future forecasts that will inform organisations’ cyber security posture and risk assessments.
This is a TLP:WHITE summary of the full report.
For access to the full report, please complete the web form on our website.
KEY INSIGHTS
- The overall threat level facing the healthcare sector in Australia and New Zealand (AUNZ) is high.
- AUNZ healthcare organisations are high value targets for cyber threat actors due to their large holdings of sensitive data and critical business need to remain operational.
- We assess the sector faces the highest threat from cyber criminals.
- Cyber extortion poses the most significant cyber risk to AUNZ healthcare organisations in 2023. We assess that extortion impacting confidentiality of information presents an increasingly likely threat.
- In the second half of 2022, the AUNZ healthcare sector was in the top five most targeted sectors by cyber extortion groups, tying equal third with IT and wholesale and retail services.
- In 2022, CyberCX observed a lull in ransomware attacks in AUNZ which impacted the availability of networks or data. However, the risk from ransomware remains high for healthcare organisations as a successful attack could have a catastrophic, cascading effect for the sector and its stakeholders, including patients.
- Data theft extortion criminals are adopting harm maximisation strategies to increase pressure on victims to pay a ransom. We assess it is likely that more groups will adopt harm maximisation strategies in 2023.
- Supply chain compromises are a substantive attack vector for healthcare. This form of compromise is increasingly likely for AUNZ healthcare organisations and can cause cascading harm across the sector.
- In 2022, CyberCX observed an increase in supply chain compromises targeted managed service providers and software vendors, including compromises impacting AUNZ health organisations.
- The AUNZ healthcare sector is particularly vulnerable to supply chain compromises compared to other sectors, due to the sector’s size, diversity and interoperability.
- Following a year of high-profile data breaches at multiple organisations, Australia’s national data reckoning of late 2022 has accelerated government privacy reform, heightened consumer cyber awareness and is causing healthcare organisations to reappraise risks of personal information loss.
- All healthcare organisations have a responsibility to secure their operating environment and the data they hold. This Insights Report provides key recommendations to help guide organisations in building cyber resilience and protecting their patients now and into the future.
Request full report
The CyberCX Intelligence Insights series presents focused, contextualised information intended to be read by senior decision makers. Prepared by the CyberCX Intelligence team, these reports present recent trends and future forecasts that will inform organisations’ cyber security posture and risk assessments.