Government invests $6.4 million in cybersecurity network for health sector

CI-ISAC Australia has announced it has been selected as the recipient of an Australian Government $6.4 million grant to create a health-specific, information-sharing and analysis centre for Australia’s healthcare industry.

CI-ISAC is a not-for-profit organisation providing cyberthreat intelligence (CTI) sharing services to members across Australia’s 11 critical infrastructure sectors, government and suppliers. It delivers this by providing both a technical and non-technical platform with which CI-ISAC members can interact to receive CTI and share their own CTI insights and responses. CI-ISAC provides a tailored service with its National Intelligence Office (NIO) curating CTI advice to ensure it is properly prioritised and actioned.

Recent cyber attacks on Australian healthcare organisations, including health funds and hospitals, have led the Australian Government to prioritise the health sector, by identifying it as the first to receive formal funding.

In 2023, the global healthcare industry reported the most expensive data breaches for the 13th year in a row, at an average cost of AU$10.93 million, almost double that of the financial industry, which ranked second, with an average cost of $5.9 million.

Currently, Australia’s health sector comprises organisations such as public and private hospitals (approximately 750 government hospitals and 650 private hospitals), health insurance providers, and medical clinics (approximately 6500 general practitioner clinics), as well as a large number of health and medical-related third-party suppliers and vendors.

With the Australian Government grant, CI-ISAC has created a new Health Cyber Sharing Network (HCSN) which will focus on enabling Australia’s health sector organisations to collaborate and break down information silos, enabling the exchange of valuable cybersecurity threat information more quickly, within a secure and confidential environment.

CI-ISAC provides a cyber ‘neighbourhood watch’ for Australian health providers to share relevant information on cyberthreats, while also benefiting from insights gained from across other critical infrastructure sectors.

The Health Cyber Sharing Network aims to better equip health sector organisations to manage and mitigate current and emerging cybersecurity threats. With health and medical organisations joining and participating in CI-ISAC’s Health Cyber Sharing Network, the cyberthreat intelligence that is shared into the network by these organisations will not only support the overall improvement of cyber resilience across Australia’s health sector, it will further support Australia’s Critical Infrastructure organisations more broadly, which have interdependences across the health sector.

“The health and medical sector holds a large amount of incredibly private and personal medical and financial information,” said David Sandell, CEO of CI-ISAC Australia. “We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyber-attacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”

The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness CSC, said the Health Sector Information Sharing and Analysis Centre Acceleration Grant is an important contribution to Australia’s ambition to become a world leader in cybersecurity by 2030.

“We have seen in recent years the very real impact that healthcare-related cyber attacks can have on millions of Australians. Increasing threat information sharing contributes to the prevention of cyber attacks and builds resilience," she said. “Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cybersecurity and is the driving concept behind this grant.

“Strong industry collaboration and enhanced threat detection through the work of CI-ISAC will increase the protection of Australians’ sensitive health data.”

To kickstart the Health Cyber Sharing Network, CI-ISAC is inviting eligible health and medical organisations and their suppliers to participate by providing a complimentary CI-ISAC membership for 12 months to join and participate in this new cybersecurity information-sharing network. By joining the network, new health members will get access to the depth and breadth of CI-ISAC’s current critical infrastructure member base, providing health organisations with valuable closed-source, cross-sectoral cyberthreat intelligence information, from organisations with high cyber maturity.

Image credit: iStock.com/everythingpossible