Management at Check Point Software and WatchGuard Technologies have responded regarding the OAIC 1H 2023 Notifiable Data Breaches Report.

Sadiq Iqbal, Security Engineering Manager for the Office of the CTO at Check Point Software Technologies, says: "The OAIC report has highlighted ransomware as the top cyberattack resulting from cybersecurity incidents in the first half of 2023, a statistic we completely agree with."

According to Check Point's research statistics, the average number of ransomware attacks per organisation in the same period was 843 in Australia. At the same time, New Zealand stood at 1,230, troubling numbers for the region.

Iqbal continues: "Once again, as reported, the OAIC report notes that the healthcare sector has been hit with the most number of data breaches of any industry and what with the prevalence of ransomware attacks, the industry continues to face the prospect of financial loss and breach of privacy." 

Iqbal says attackers continue to see healthcare as a target sector for several reasons. This may include how many hospitals rely on a blend of old and new technologies, many of which are either not managed or forgotten due to improper documentation. This issue has increased as more Internet of Things and medical devices are added.

At the same time, Iqbal highlights how Australia's current cybersecurity skills shortage also means a lack of expertise to help manage the widening attack surface.

"Add these factors together, and hackers see a high-value target with a large threat surface and many potential points of entry," says Iqbal.

"Healthcare organisations should take a preventative approach to their cyber security practices in both technology adoption and ensuring a security-minded culture takes hold."  

"Educating the staff on why cybersecurity is important through good information security practices should become as second nature to the healthcare organisation as maintaining hygienic conditions and adopting a zero-trust model within the organisation."

"Limiting who has access to confidential patient and healthcare data can help to prevent further attacks," concludes Iqbal.  

Anthony Daniel, Regional Director, Australia, New Zealand and Pacific Islands, Watchguard Technologies, also comments: "As in previous reports, the healthcare sector continues to suffer the most data breaches reported of any industry in Australia and would be well advised to understand its weaknesses and improve its security posture from the ground up."  

"Hospitals are a lucrative target for hackers seeking to sell sensitive patient data."

In an industry beset with staff shortages, Daniel urges healthcare facilities to mitigate the risk of cybersecurity attacks and have a strong cybersecurity posture, including robust incident and response plans and preventive measures such as password hygiene, threat detection, and real-time monitoring capabilities. 

In addition, Daniel affirms the importance of aggressive patching, regular backups, and prioritising employee awareness training, which is essential to safeguarding valuable data and ensuring patient protection.

"At the same time, while this latest report highlights that the majority of breaches affected 100 or fewer individuals, these statistics emphasise that data breaches continue to be a significant concern for organisations across various sectors," says Daniel. 

"At the end of the day, the report reinforces the need for businesses of all sizes to remain vigilant, keep all hardware and software devices up to date, enhance security posture with multi-factor authentication, and implement measures to safeguard sensitive information."