Healthcare cyber attacks underline importance for tight control over data

Monday, 03 May 2021 22:16

By Adam Gordon, Varonis

ANZ Country Manager, Varonis

GUEST OPINION by Adam Gordon, ANZ Country Manager, Varonis: The rise of cyber-attacks on Australia’s healthcare sector highlights just how important it is for organisations to have tight control over their data – this means knowing exactly who has access to what, and which data presents the highest risk if it were to be exposed.

The average cost of a data breach in healthcare is the highest out of any industry, due to the extremely sensitive nature of the data healthcare organisations collect, such as confidential patient records in the case of hospitals.

The Varonis 2021 Healthcare Data Risk Report found that healthcare organisations have an average of 31,000 sensitive files (such as those containing patient data) open to every employee on the network. Furthermore, 77% of healthcare organisation have over 500 accounts with passwords that never expire.

Together, these factors can create a recipe for disaster - all it takes is one account to be compromised for a hacker to gain access to thousands of valuable files. Once in the network, hackers rely on the ability to remain undetected – and having non-expiring passwords could mean a hacker is lurking for months or even years before they are discovered.

Overall, the healthcare sector is woefully underprepared for attacks, with an average breach lifecycle of 329 days (the time it takes to discover and remedy a breach) — the highest of any industry. The potential damage a cyberattack can cause in healthcare is unparalleled with any other industry, due to the life-threatening impacts on patient safety. In fact, 2020 marked the first year that a patient’s death has been directly linked to a cyberattack.

COVID-19 has enabled attackers to take advantage of under-resourced healthcare organisations on the front lines. With hospitals triaging patients around the clock, a cyber-attack can have devastating impacts on an already severely stressed system. The recent string of attacks against Australia’s hospital system demonstrate maliciousness on an unprecedented scale, and while hackers’ methods vary, the end goal remains the same: to steal sensitive data.

In order to prevent increasingly malicious and sophisticated cyberattacks, healthcare organisations need to be proactive rather than reactive. One of the most important ways to achieve this is implementing a policy of least privilege, meaning that staff only have access to the files that are necessary to do their jobs. By locking down their most sensitive information, healthcare organisations can restrict the amount of damage that occurs and prevent hackers from moving laterally throughout the network, saving them potentially millions of dollars. This policy is an absolute bare minimum precautionary measure that all healthcare organisations need to take.

Adam Gordon’s comments are in response to the ransomware attack on Queensland hospitals and aged-care facilities, which has led to the widespread disruption of IT systems.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

Healthcare cyber attacks underline importance for tight control over data