Palo Alto Networks, a leading provider of cybersecurity services, commissioned research that shows that Kiwis think it's a matter of when, not if, another cyber-attack hits the health sector. Kiwis also expect providers to pay the price if they fail to stop them, particularly as more lifesaving personal medical devices are connected to the Internet, making them a rich target for cybercriminals.
This comes as last year, cyber-attacks on healthcare services resulted in providers struggling to operate without access to their information technology systems and private patient information being leaked onto the dark web.
“Technology continues to drive rapid improvements in healthcare to deliver better health outcomes for Kiwis. At the same time, cyber threats and the sophistication of cyber-attacks continue to increase dramatically,” says Alex Nehmy, Director, Industry 4.0 Strategy, Asia Pacific and Japan at Palo Alto Networks.
“56% of Kiwis surveyed said they are worried a similar attack to the one that breached the Pinnacle Midlands Health Network in September 2022. Sectors like healthcare will continue to be attractive targets to cyber criminals because they can quickly sell patient data on the dark web, while ransomware’s ability to lock down patient care and back-office systems make lucrative ransom payments likely.”
The research, commissioned by Palo Alto Networks and conducted by Talbot Mills Research in November 2022, found that 50% of Kiwis are more concerned about cybersecurity now that there is a centralised healthcare system through Te Whatu Ora, which replaces individual District Health Boards.
“As New Zealand’s health infrastructure undergoes a once in a generation transformation, cyber security has never been so critical in safeguarding health systems, information, and the privacy and safety of patients."
63% of surveyed said they would support a policy that would fine companies that lose customers' data due to weak cybersecurity policies and procedures, and 45% would support a policy that would make it illegal for organisations to pay cyber ransoms.
Of those surveyed, only 26% feel the government is investing enough in cybersecurity.
Digitisation enables new healthcare capabilities, such as virtual healthcare and remote diagnosis. Still, the prevalence of legacy systems is making healthcare providers and sensitive data a soft target, and cybercriminals will be increasingly focussing on it.
“As more Kiwis start using Internet connected personal medical devices, such as heart rate monitors for example, cyber criminals will look to exploit any security vulnerabilities – and clearly that may have serious consequences for users,” adds Nehmy.
“Our research shows that 44% of Kiwis are concerned about personal data collected from at-home medical devices being stolen and leaked online, and 47% say they would be more willing to use at-home devices if the security of their data was guaranteed.”
“Similar to workplace safety, cybersecurity must be a primary concern for boards, executive teams, and business leaders. Organisations that prioritise cybersecurity understand that it is a business issue and not simply an information technology issue, and that stopping cyber-attacks before they occur must be a fundamental part of their business operations.”