News

AMA attends first Cyber Security Town Hall

Federal AMA policy experts were briefed on the healthcare sector’s cyber vulnerabilities.

Last week the AMA attended the first Cyber Security Town Hall, co-hosted by the National Office of Cyber Security (NOCS) in the Department of Home Affairs, and the Australian Cyber Security Centre (ACSC).

The first of its kind, the conference brought together government and industry to raise awareness of cybersecurity efforts and support the uplift in capabilities across the health sector. Presenters shared insights on key cyber threats facing the health sector and highlighted the resources and initiatives in motion to assist health providers in responding to these challenges.

Australia sits on the edge of an increasingly securitised East Asian geopolitical environment in which cyber activity is playing a key role. It may interest readers to know that classified information may not be the most coveted target for foreign actors — private sector data is.

The town hall comes after the release of Australia’s 2024 Annual Cyber Threat report, in which healthcare received the distinction of being the most frequently reported non-government sector for cyberattacks.

Cyber espionage is the most significant threat to the health sector, with foreign actors targeting intellectual property, clinical trials and sensitive medical research as highly valuable assets. The health and medical sectors are prime targets for foreign intelligence, especially regarding clinical trial data.

Advice from the Office of Cyber Security aligns with the annual cyber report’s analysis identifying ransomware attacks as a predominant threat, with attackers seeking to disrupt services and breach data in order to demand payments for the return of sensitive ‘imperishable’ patient information.

The health sector is not well-prepared for this degree of foreign interest. Unpatched medical devices and research-related data remain particularly vulnerable, and health organisations are being urged to implement multi-factor authentication and ensure their proxy services can block direct, repetitive cyber attempts to gain access to their systems.

A strong message in the Town Hall session was to reinforce health organisations are not alone. There are many resources available to guide in managing potential cyber threats and a host of initiatives working to enhance cybersecurity resilience and collaboration across healthcare providers.

The government is working to equip healthcare providers with an abundance of digital tools, from ‘playbooks’ to guide response to during incidents, to ongoing cyber eLearning and pre-emptive cyber alert capabilities built into the Australian Digital Health Agency’s broader infrastructure.

When faced with the reality of a cyber-attack, practitioners are encouraged to engage with the ACSC and NOCS as early as possible to facilitate crucial information sharing that can mitigate damage and assist a swift response. IDCARE is one of many helpful resources, a free service offering tailored cybersecurity support to small businesses. A list of further resources is listed below for further information. 

By leveraging these resources and focusing on key areas of vulnerability, the health sector can strengthen its cybersecurity posture in response to cyber threats.

 

Resources

  • The following services and products are available to support cybersecurity uplift in Australia:
  • The National Cyber Security Coordinator and the National Office of Cyber Security provide guidance on incident response, consequence management, and collaborative forums. The 2023-2030 Australian Cyber Security Strategy outlines various initiatives to improve cyber resilience across sectors. For inquiries contact the Cyber Security Engagement team at cse@homeaffairs.gov.au.
  • The Trusted Information Sharing Network (TISN) is a network with a dedicated Health Sector Group fostering collaborative security improvement initiatives. Membership is non-competitive and non-regulatory. For details, contact cir@homeaffairs.gov.au.
  • The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) leads the government's cybersecurity efforts and offer alerts, advisories, guidance, and tools via Cyber.gov.au. The Cyber Security Partnership Program provides organisations with threat intelligence, collaboration, and resilience-building opportunities.
  • The Australian Security Intelligence Agency's (ASIO) Outreach Portal provides industry professionals with advice on emerging security threats, drawing from domestic and international sources. The ‘Protect Your Research’ booklet helps organisations secure research data and intellectual property. Contact Outreach via their website for more details.
  • The Australian Digital Health Agency (ADHA) works with the healthcare sector to secure digital health information and assets. ADHA also convenes a Cyber Champions Network to promote cybersecurity culture and behaviours in healthcare organisations. For more information, contact cyber-enquiries@digitalhealth.gov.au.
  • The Department of Health and Aged Care will be collaborating with software vendors in 2025 to develop a regulatory framework that enhances the cybersecurity of platforms handling sensitive health data. This will include implementing cyber security controls in line with the Information Security Manual (ISM).

Related topics