Image: Shutterstock

CI-ISAC Australia has been selected as the recipient of an Australian Government $6.4 million grant to create a health-specific, information-sharing and analysis centre for Australia’s healthcare industry. 

Recent cyber-attacks on Australian healthcare organisations, including health funds and hospitals, have led the Australian Government to prioritise the health sector, by identifying it as the first to receive formal funding.

In 2023, the global healthcare industry reported the most expensive data breaches for the 13th year in a row, at an average cost of AUD$10.93 million, almost double that of the financial industry, which ranked second, with an average cost of $5.9 million.

Currently, Australia’s health sector comprises organisations such as public and private hospitals (approximately, 750 government hospitals and 650 private hospitals), health insurance providers, medical clinics (approximately, 6,500 general practitioner clinics), as well as a large number of health and medical-related third-party suppliers and vendors.

With the Australian Government grant, CI-ISAC has created a new Health Cyber Sharing Network (HCSN) which will focus on enabling Australia’s health sector organisations to collaborate and break down information silos, enabling the exchange of valuable cyber security threat information more quickly, within a secure and confidential environment.

CI-ISAC provides a cyber ‘neighbourhood watch’ for Australian health providers to share relevant information on cyber threats, while also benefiting from insights gained from across other critical infrastructure sectors.

The Health Cyber Sharing Network aims to better equip health sector organisations to manage and mitigate current and emerging cyber security threats.  With health and medical organisations joining and participating in CI-ISAC’s Health Cyber Sharing Network, the cyber threat intelligence that is shared into the network by these organisations, will not only support the overall improvement of cyber resilience across Australia’s health sector, it will further support Australia’s Critical Infrastructure organisations more broadly, which have interdependences across the health sector.

“The health and medical sector holds a large amount of incredibly private and personal medical and financial information,” said David Sandell, CEO of CI-ISAC Australia. “We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyber-attacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”

The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness CSC, said the Health Sector Information Sharing and Analysis Centre Acceleration Grant is an important contribution to Australia’s ambition to become a world leader in cyber security by 2030.

“We have seen in recent years the very real impact that healthcare-related cyber-attacks can have on millions of Australians. Increasing threat information sharing contributes to the prevention of cyber-attacks and builds resilience,” Lieutenant General McGuinness said.    

“Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cyber security and is the driving concept behind this grant.

“Strong industry collaboration and enhanced threat detection through the work of CI-ISAC will increase the protection of Australians’ sensitive health data.”