Australian healthcare must step up its cyber exposure management: here’s how

Alarming new data reveals the Australian healthcare sector is once again, under siege. The Office of the Australian Information Commissioner (OAIC) recorded a five-year peak in data breach notifications in the second half of 2024 and the healthcare sector once again, came out on top. Malicious or criminal attacks accounted for 60% of the breaches, with 69% of those linked directly to cyberattacks.

Cybercriminals continuously craft new exploits to target system weaknesses in healthcare organisations and to get hold of their high-value data, which can include protected health information (PHI), insurance and payment information. Armis research reveals 50% of Australian healthcare businesses had experienced more threat activity on their network in the last six months of 2024 when compared to the six months prior.

These exploits often evolve into ransomware or advanced persistent threats (APTs) or are bundled into exploit kits and traded in the hidden marketplaces of the dark web. 75% of Australian healthcare organisations state they fear the attacks of APT groups, including APT41 (Double Dragon), APT10 (Stone Panda) and Gamaredon the most.

With these attacks becoming more frequent and severe, healthcare providers must embrace a thorough security approach designed to protect all technology assets to safeguard both lives and systems, while supporting the delivery of optimal patient outcomes.

Complex networks multiply the attack surface

To build resilience in their cybersecurity posture, it’s important to understand the vulnerable areas within the healthcare ecosystem that bad actors can exploit.

The digital transformation push in healthcare has contributed to the improvement of the patient experience across every touchpoint, from the building entrance to the operating room and beyond. However, more innovation and technology increase the vectors for attacks beyond just medical devices.

As the industry continues to innovate and adopt new technologies to support faster, more efficient patient care, the technology ecosystem now encompasses everything from digital patient records to operational technology managing elevators, HVAC systems, and lighting.

The future of healthcare depends on innovation, but innovation without security is doomed to fail. Protecting the entire technology ecosystem, including emerging technology like telehealth platforms, robotic surgeries, and AI diagnostic tools, ensures long-term growth and patient trust.

Neglecting medical devices in favour of IT security or vice versa can result in potentially life-threatening blind spots. Technology malfunctioning or being taken over by bad actors can administer improper dosages, create backlogs for essential screening and procedures, and cause cancelled treatments.

Build an effective cybersecurity program

Organisations need to proactively manage their exposure to cyber threats and take action to mitigate emerging risks for ongoing protection. Start by following the actionable steps below:

1. Conduct a ‘Full Physical’ – A complete and real-time asset inventory is essential for any security program. It should cover all types of assets, including medical/IoMT, enterprise, IoT, OT, cloud, remote, and virtual. Classifying each asset by its role, criticality, behaviour, and risk level enables security teams to prioritise efforts based on potential impacts to patient care.

2. Ensure Your Policies are Updated – Regularly reviewing and updating security policies is crucial for maintaining strong cybersecurity. Leadership should set the example, ensuring policies reflect the current threat landscape. Implementing AI-powered automated response tools helps reduce reaction time and maintain consistent protection.

3. Triage, Assess and Treat – Healthcare security assessments need a multi-layered approach, combining passive analysis, smart active querying, and clinical risk prioritisation. Risk-based frameworks help identify, contextualise, and prioritise vulnerabilities based on exploitability and patient impact. Automating remediation workflows such as patching and configuration updates speeds up response and reduces risk more efficiently.

4. Conduct Regular Checkups – Preventing attack spread requires clear visibility into network traffic and behaviour. Monitor for both known and unknown threats like zero-days and unusual activity. Consider AI-driven tools that support proactive detection to identify and stop attacks early.

5. Manage Third Party Risks – Maintain a comprehensive inventory of vendor-managed assets and thoroughly assess their credentials, site-to-site tunnels and remote access software. By fostering collaboration between security teams and other departments like clinical engineering and facilities management, healthcare organisations can better manage access and prevent unauthorised or unsecured applications on unmanaged vendor servers.

Understanding and securing every asset across the healthcare environment is foundational to managing cyber risk and supporting innovation without exposing the expanding cyberattack surface.

By leveraging automation to proactively build up a security posture in advance of an attack taking place, Australian healthcare organisations can better prepare for and recover from potential incidents, while focusing on delivering lifesaving and life-improving care.