HISA’s Cybersecurity Community of Practice (CoP) was established to inform and engage stakeholders and healthcare providers across the Australian health ecosystem regarding cybersecurity.
There are those who ask “who would be interested in hacking patient data?” It is precisely this attitude, together with the rate at which healthcare refreshes its technology, that exposes healthcare organisations to high risk of cyber attack. Professor Trish Williams presented at HIC 2017 a list of reasons why the healthcare industry is appealing to hackers: ransom for money; denial of service for malice and money; stealing confidential data; compromising data; identity theft and compromising devices. The scale of disruption and impact that a cyber attack causes to busy healthcare settings already operating at capacity needs no explanation.
To better understand the current state of perceptions and cybersecurity practice in Australian healthcare, the CoP conducted a survey over a period of five weeks in September/October 2017. The survey posed questions across four broad domains to assess awareness and maturity across the healthcare ecosystem. The survey investigated:
- Leadership: Ownership of the issue
- Culture/Staff responsibility/awareness: Training and awareness of cybersecurity and its related implications
- Policies and procedures: Understanding of business continuity processes and incident response procedures
- General cybersecurity knowledge: Utilisation of fundamental security processes that are currently followed within the organisation to mitigate security breaches - e.g. use of USB, on- and off-boarding processes, password policies, organisational asset register, and so on.
There were 157 responses to the survey, from a cross-section of organisations.
Initial analysis of survey findings provided insights into healthcare’s cybersecurity posture at a point in time.
The survey has taken an initial pulse of cybersecurity that ought to be repeated annually.
It has also raised the profile of cybersecurity in the healthcare sector.
The Cybersecurity CoP is committed to responding to the information needs of the diverse digital health community. When we asked the healthcare community on which areas the CoP should focus, we received reasonably balanced feedback which endorsed our stated mission of informing, engaging, and influencing (Figure 1). Other suggestions included providing warnings about breaches in healthcare and understanding global trends.