Security breaches have immediate implications for healthcare providers, which are regularly targeted with ransomware attacks. Attackers know the facilities’ staff are so busy that someone is likely to inadvertently click on a malicious email attachment without thinking. Healthcare providers, in particular, are being targeted both because they are rich sources of protected health information (PHI), and because their size and complexity have often kept them behind the curve when it comes to securing data.
The Australian Federal Government's new Mandatory Notifiable Data Breach scheme has substantially increased the obligations on healthcare providers when it comes to handling customer data, opening organisations up to six-figure fines if they don't properly protect privacy.
IT leaders are fighting back, with 95 percent including ransomware prevention in their cyber resilience strategies for 2018. This is not just good security practice: new regulations, such as Australia’s notifiable data breaches (NDB) scheme and the European Union’s general data protection regulation (GDPR), will increase the onus that privacy regulations and industry-specific rules like HIPAA already place on hospitals to protect PHI. Healthcare providers may rely on email, but their legacy of patchwork IT is leaving them exposed to cyber attacks that compromise their business continuity. The Royal Melbourne Hospital breach, for example, occurred due to an infection of outdated PCs running Windows XP – which Microsoft had stopped supporting more than two years earlier. Such systems are sitting ducks for modern exploits that are being continually updated by cybercriminals.
For insights on what the new obligations mean for healthcare providers, what sort of breaches are covered by the scheme and what steps organisations should be taking to protect themselves, watch the Healthcare IT News Australia's webinar recording.