Australia is the world's number one destination for ransomware, and a lack of attention paid to cyber threats is imperilling Australia's economic future, a conference has heard.
With a Deloitte report stating that there will be more than 50 billion medical devices connected to the IoT over the next decade, and Business Insider Intelligence estimating that as much as $655 billion will be spent globally on cyber security initiatives between 2015 and 2020, how prepared is the healthcare sector?
AustCyber CEO Michelle Price, who was speaking at the recent MedTech18 Annual Conference in Sydney, said Australia’s still at a stage where as a community, economy and active nation in the world, it’s lacking the depth of understanding about the importance of cyber security and cyber resilience.
“Today, every single business and entity in Australia is digital, meaning every single entity is subject to malicious cyber attacks. This is why, if we’re not growing companies in Australia that have enterprise-grade cyber security and are cyber resilient in every way, we will not be a global actor in the economy in the next 10 years,” she said.
“We’re seeing economic value being wiped from our economy as a result of malicious actors treating the Australian economy like their playpen before they move on to other destinations. We are the number one destination for ransomware in the world, per capita.”
[Read more: Why crisis response is a weak point for healthcare cyber security | “Yet another wake-up call”: Privacy Commissioner releases new data breach report, with health sector top of the list]
As such, Price recommended that any medical device that can be hacked needs to be hacked to make sure that they continue to be useful and that every single device is increasingly cyber resilient.
“The approach to cyber resilience should be security by design. Thinking about the process from the start builds the approach into our muscle memory. Then, the true outcome from it becomes trust in our organisations, the devices that we’re producing, and our ability to manage the health and well being of our societies,” she said.
However, it’s not just about the medical devices themselves, but also the data that they hold and communicate to other devices.
“Your digital footprint is also your supply chain. We’re getting good at the data bit, but we aren’t yet thinking about the security of that data – what’s going to happen to that data beyond privacy? We need to think about how those two things relate,” Price said.
At the recent HIMSS AsiaPac18, IBM Australia Industry Security Leader Stephen Burmester said the healthcare industry should be increasingly aware of cyber threats occurring in the space, as over 100 million healthcare records were reportedly compromised over the past six months.
He said healthcare experienced 36 per cent more security breaches than any other industry, and that medical records have greater black market value than credit cards.
“How far prepared are you? It’s no longer a case of if a threat happens but when. It may have happened already, you may have not found it yet.”
[Read more: "Humans are not the weakest link": Shifting the cybersecurity narrative to fend off healthcare hacks | "Risks not taken seriously enough": Scathing audit of WA Health’s digital patient record system reveals concerns]
According to Burmester, the next step for us, as a economy is to convert the conversation into action. He stressed the importance of building the right systems and processes around a digital implementation.
“There are a number of controls to work around with – detective controls, protective controls, corrective controls. But we got to remember is that prevention is better than cure. So, we need to have a proper cyber plan in place,” he said.
Burmester said healthcare organisations need to embody proactive skills and build an integrated security immune system – identify, protect, detect, respond and recover – to get visibility, intelligence across the system and understand what is going on.
Underpinning all of this, according to Burmester, should be newer technologies such as AI, machine learning and blockchain.
“The problem is, there’s far too much data out there for any one human to be able to grasp themselves. Humans are smarter, but machines are faster. Implementing AI or cognitive computing could mean 50 times faster threat investigations and 10 times more actionable threat indicators,” he said.
“As for machine learning and intelligent orchestration, it is aimed at helping enterprises respond to breaches more quickly and effectively. Then the blockchain element helps you build a digital identity ecosystem across multiple industries.”
HIMSS is the parent company of HITNA.