Healthcare data breaches in Australia are growing at a concerning rate, and healthcare has been hit harder than any other sector in this year's reported data breaches. Of all reported data breaches in Australia across all sectors, healthcare alone accounted for 20%. The next highest sector was finance, which accounted for only 14% of all reported breaches.
While this is not great news, it’s important to keep abreast of trends in cyber security and data breaches in Australia, and in this instance at least, you can breathe easy knowing that none of the reported data breaches were connected to the controversial and soon-to-be-mandatory My Health Record system.
How many data breaches were there?
Numbers for the year as a whole may not be truly representative, as the Notifiable Data Breaches scheme (NDBS) only took effect on 22nd February 2018. For this quarter (April to June 2018), 49 notifications were received from the healthcare sector, out of a total of 242 breaches. Since January, reported breaches within the healthcare sector total 64.
What was the source of data breaches in Australia?
Of the 49 breaches reported, 20 (41%) were caused by a malicious or criminal attack, and the remaining 29 (59%) were caused by human error. With a nearly half-half split, these numbers seem far too high.
Malicious attacks can be broken down further into three categories. 3 breaches were caused by a rogue employee or insider threat, 9 were caused by theft of paperwork or a data storage device, and 8 were caused by a cyber incident. ‘Cyber incident’ refers to hacking, phishing, ransomware, compromised or stolen credentials, or a brute-force attack. Each of these methods was used at least once, in case you were thinking that ransomware seemed far-fetched.
Human error breaches mostly boiled down to communication mix-ups via mail or email, or unauthorised verbal disclosure. It may seem tedious to constantly verify identities when dealing with medical information, but the frequency of these breaches justifies the need.
How can you protect yourself?
If you’re a health service provider and feeling the heat from the likelihood of these attacks, it’s important to follow the cyber security tips we’ve outlined here. Being a healthcare provider means you’re responsible for extremely critical and confidential information, so you need to take some essential steps from the get-go to protect your data and your business. Here are some immediate examples of what you can do to prevent healthcare data breaches:
- Perform cyber security audits, and update your cyber security protocols
- Implement the cyber security guidelines and framework advised by RACGP
- Follow the ‘essential eight’ tips endorsed by the ACSC
- Be proactive about employee education and awareness
- Back up your data regularly, and have an incident response plan in place so you’re able to recover lost data without fuss
If you’re unsure where to begin with securing your data and protecting your networks, these steps are a great place to start. If these steps still have you feeling lost, Stanfield IT is well-versed in providing advice and implementing cyber security plans for healthcare providers, so just call or email our team for a chat. Check out our cyber security guide for small to medium businesses here.