CI-ISAC Australia has been selected as the recipient of an Australian Government $6.4 million grant to create a health-specific, information-sharing and analysis centre for Australia’s healthcare industry.
Recent cyber-attacks on Australian healthcare organisations, including health funds and hospitals, have led the Australian Government to prioritise the health
sector, by identifying it as the first to receive formal funding.
In 2023, the global healthcare industry reported the most expensive data breaches for the 13th year in a row, at an average cost of AUD$10.93 million, almost double that of the financial industry, which ranked second, with an average cost of $5.9 million.
Currently, Australia’s health sector comprises organisations such as public and private hospitals (approximately, 750 government hospitals and 650 private
hospitals), health insurance providers, medical clinics (approximately, 6,500 general practitioner clinics), as well as a large number of health and medical related third-party suppliers and vendors.
With the Australian Government grant, CI-ISAC has created a new Health Cyber Sharing Network (HCSN) which will focus on enabling Australia’s health sector
organisations to collaborate and break down information silos, enabling the exchange of valuable cyber security threat information more quickly, within a
secure and confidential environment.
CI-ISAC provides a cyber ‘neighbourhood watch’ for Australian health providers to share relevant information on cyber threats, while also benefiting from insights gained from across other critical infrastructure sectors.
The Health Cyber Sharing Network aims to better equip health sector organisations to manage and mitigate current and emerging cyber security threats. With health and medical organisations joining and participating in CI-ISAC’s Health Cyber Sharing Network, the cyber threat intelligence that is shared into the network by these organisations, will not only support the overall improvement of cyber resilience across Australia’s health sector, it will further support Australia’s Critical Infrastructure organisations more broadly, which have interdependencies across the health sector.
“The health and medical sector holds a large amount of incredibly private and personal medical and financial information,” said David Sandell, CEO of CI-ISAC
Australia. “We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyberattacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”
The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness CSC, said the Health Sector Information Sharing and Analysis Centre Acceleration Grant is an important contribution to Australia’s ambition to become a world leader in cyber security by 2030.
“We have seen in recent years the very real impact that healthcare-related cyberattacks can have on millions of Australians. Increasing threat information sharing contributes to the prevention of cyber-attacks and builds resilience,” Lieutenant General McGuinness said.
“Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cyber security and is the driving concept behind this grant.
“Strong industry collaboration and enhanced threat detection through the work of CI-ISAC will increase the protection of Australians’ sensitive health data.”
To kickstart the Health Cyber Sharing Network, CI-ISAC is inviting eligible health and medical organisations and their suppliers to participate by providing a
complimentary CI-ISAC membership for 12 months to join and participate in this new cyber security information-sharing network. By joining the network, new
health members will get access to the depth and breadth of CI-ISAC’s current Critical Infrastructure member base, providing health organisations with valuable
closed-source, cross-sectoral cyber threat intelligence information, from organisations with high cyber maturity.
As a not-for-profit organisation, CI-ISAC facilitates collaboration and the bidirectional sharing of cyber threat intelligence within a trusted, industry-led environment. With the addition of this funding, CI-ISAC will incorporate education for the health sector on mitigating threats, cyber and insider threat training, attack surface monitoring, and improving cyber incident response plans (CIRPs).
CI-ISAC’s current members span Australia’s 11 Critical Infrastructure sectors, including government, local government, higher education, and industries including energy, water, telecommunications, financial services, data storage and processing, healthcare, and transport. Its existing 100+ members include Google
Cloud AU, NBN, AARnet, NextDC, DXC Technology, the Department of Industry, Science and Resources, Challenger Group Services, Transgrid, Sunshine Coast
Council, and the University of the Sunshine Coast.
“The value for all sectors increases exponentially as more participants join the trusted network and share their own insights,” Sandell added. “Cross-sector
sharing improves incident detection and response times, enabling health organisations and their suppliers to act more swiftly on threats observed in other
industries.”
