deepagopi2011 - Fotolia

Australian health sector an easy target for cyber criminals, says IBM

A push to encourage greater adoption of electronic health records has raised the spectre of online record theft

According to IBM’s 2016 Cyber Security Intelligence Index, there has been a clear shift recently in online targets, essentially away from credit cards and toward health-related data.

IBM has worked with small suburban medical and dental centres in Australia, which have become a particular target for ransomware.

Glen Gooding, an executive from IBM’s Security Services (ANZ), said health records were “an important way to extract money by taking on the persona of someone else”.

He added health-focused organisations were often an easier target than financial sector businesses, many of which have implemented more robust information protection systems.

“In the local medical clinic there’s usually not a large IT component, and there’s a lack of skills. They are an easy target,” said Gooding.

Moreover, there’s going to be a whole lot more such targets as both federal and state authorities ramp up initiatives to encourage the creation of online health records.

The federal scheme, originally dubbed the Personally Controlled Electronic Health Record, has been renamed MyHealth. Currently an opt-in regime, 2.7 million people now have a MyHealth record, but the federal government expects its opt-out trials now underway will net another one million.

Australia’s May budget earmarked A$156m for the Australian Digital Health Agency, which starts operations in July and is charged with encouraging the uptake and use of online health records, and also for managing their security.

Read more about cyber security in Australia:

While the central database may be locked down, the access points are widespread, and security education will be essential to ensure health records aren’t leaked from the 8,400 connected healthcare entities now using the system, including GPs, hospitals, pharmacies and residential services for the elderly.

The New South Wales government in May 2016 released its 10-year eHealth strategy which has online medical records at its heart, and integrates with the MyHealth national system.

For cyber criminals it’s a veritable treasure trove of data – with medical records selling for as much as A$1,000 a pop on the dark web according to Rich Ferguson, country manager for Absolute Software in ANZ. 

A fully populated medical record is a more lucrative grab than credit card data, which can command as little as A$1, he said, and it explains why health businesses are now being targeted.

He said while the concept of having digital medical records, which could streamline the delivery of health services to patients, was attractive, the fact that health-related data might be accessible from PCs or tablets in an unencrypted format was a concern.

Gooding said it was important that all health organisations understood where critical information was held and which systems were able to access that data. He said stout perimeter controls would be essential. 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close