Even as authorities scramble to recover from a successful ransomware attack on a group of regional Victorian hospitals, experts are warning that the ongoing exposure of “woefully under-protected” healthcare organisations has made them prime targets in a climate where malicious compromises have become nearly ubiquitous.

Reports said the South West Alliance of Rural Health (SWARH) – a shared-infrastructure coalition supporting hospitals and related healthcare service providers across south western Victoria – had been targeted by a cyber attack that had compromised the network since late Monday afternoon.

Experts had been called in to assist with recovery efforts after the attack compromised a range of systems – both at SWARH and the Gippsland Health Alliance – blocking access to financial management, patient booking and other systems in an attack that Victorian premier Daniel Andrews said in a statement (https://www.premier.vic.gov.au/statement-on-cyber-security-incident/) would cause disruption to “a small number of clinical services” including outpatient appointments and elective surgery.

Affected hospitals have been disconnected from the Internet “as a precautionary step”, the statement said, with Barwon Hospital suspending some clinical services, and a “small impact” to Warrnambool aged-care services, and radiation services in Gippsland. Authorities were downplaying the chances that any patient information had been compromised, promising “a full review” to identify any additional measures that need to be taken.

The attacks were old news for security industry figures, with Forcepoint senior director and security strategist Alvin Rodrigues warning that the incident suggested Australian healthcare providers “need to re-look at their existing cybersecurity posture”.
“Attackers are undermining the most extensively-designed security systems by launching social engineering attacks or a phishing attack to compromise people,” he said, “thus stealing their digital identities and critical data.”

“Healthcare institutions need to rethink their existing cyber security approach. As they continue with securing the perimeter preventing attacks, we recommend they expand and embrace a behaviour centric analytics approach to cybersecurity, where people – rather than IT infrastructure – become the focal point. By knowing your people’s baseline behaviour, alerts are triggered when there is deviation. This helps security professionals to more effectively safeguard the healthcare data that they are storing.”

Healthcare CISOs have been struggling to keep up with the appeal of healthcare information to cybercriminals, who have had great success capitalising on the chronic lack of funding, overpressured workers and systems heterogeneity typical of the sector.

The industry has been by far the most regularly breached since the Office of the Australian Information Commissioner (OAIC) started analysing reports under Australia’s Notifiable Data Breaches (NDB) scheme in early 2018, and emerging Internet of Things (IoT) deployments are compounding the pressures they face to maintain data and system security.

Victoria’s public service has struggled to improve its cybersecurity posture in the wake of repeated findings such as a 2013 audit that warned the government was unprepared for ICT security breaches, and a 2015 follow-up that found disappointing progress in improving the situation.

Victoria has since redoubled its efforts around cybersecurity – but for Carbon Black head of security Rick McElroy, this latest ransomware attack on “woefully under-protected” healthcare organisations “is yet another reminder of the inadequate security controls that exist in some of Australia’s health organisations.”

“Endpoint protection at healthcare organisations appears to be severely lacking,” he explained. “Beyond technology, humans are often the weakest link in any organisation’s security posture. This is where education and security awareness training can play an important role.”

“Prevention is always the best cure but minimising detection and response time during a breach is critical. Putting a reliable security solution in place that can alert on anomalous and suspicious activity can help reduce dwell time from weeks down to minutes. Breaches are inevitable. Losing sensitive information doesn’t have to be.”

Full industry comment:

Alvin Rodrigues is Senior Director, Security Strategist, at Forcepoint, and has made the following comment:

“The ransomware attacks on hospitals in the Gippsland Health Alliance and South West Alliance of Rural Health show that the Australian healthcare industry needs to re-look at their existing cybersecurity posture. Hospitals are an attractive target for cyber criminals for the personal and sensitive medical records of patients it holds, and the value it offers if such critical data is compromised. This gives hospitals little choice, especially when dealing with life-threatening situations, but to surrender to hackers’ demand. This trend is going to continue, and paying ransom isn’t always the best way out, as hackers may not keep their promise of returning all the sensitive data. Attackers are undermining the most extensively-designed security systems by launching social engineering attacks or a phishing attack to compromise people; thus stealing their digital identities and critical data. Healthcare institutions need to rethink their existing cyber security approach. As they continue with securing the perimeter preventing attacks, we recommend they expand and embrace a behaviour centric analytics approach to cybersecurity, where people – rather than IT infrastructure – become the focal point. By knowing your people’s baseline behaviour, alerts are triggered when there is deviation.
This helps security professionals to more effectively safeguard the healthcare data that they are storing.”