- Exclusive
- Technology
- Cybersecurity
Healthcare and finance the hardest hit by cyberattacks
By David Swan
The Australian healthcare sector was the hardest hit by cyberattacks in the past 12 months, new research has found, amid warnings the cyber threat landscape is continuing to deteriorate.
A report from the nation’s largest cybersecurity firm, CyberCX, found that healthcare remained the most impacted Australian industry for cyberattacks in 2024, accounting for 17 per cent of all attacks, followed by financial services (11 per cent) and education (8 per cent).
About half of the population – 12.9 million Australians – had their data stolen in an attack on electronic prescription provider MediSecure in April, making it one of the largest cyberattacks in Australian history. Some 6.5 terabytes of data, including insurance numbers and names and addresses, was later published for sale on a Russian hacking forum. MediSecure appointed liquidators and went into administration in June.
Healthcare accounts for 17 per cent of all cyberattacks.Credit: Getty Images
It followed a December 2023 cyberattack on St Vincent’s, the nation’s largest not-for-profit health and aged care provider, and a hack on Medibank that resulted in the personal details of 9.7 million current and former customers being published on the dark web.
Statistics show at least half of the Australian population has now been affected by a data breach, though it’s difficult to estimate the exact percentage.
CyberCX’s executive director of digital forensics and incident response, Hamish Krebs, said the most impacted sectors were industries holding significant amounts of sensitive personal data, with healthcare at the top of the list. CyberCX worked with Medibank on its incident response as well as St Vincent’s, DP World and Latitude when they suffered cyberattacks.
“Despite the best efforts of defenders over the past 12 months, the global cyber threat landscape has continued to deteriorate,” Krebs said.
CyberCX’s Hamish Krebs says the most impacted sectors were industries holding significant amounts of sensitive personal data.Credit: AFR
“Adversaries are evolving their tactics and upping the tempo of attacks.
“And the healthcare industry in particular is unique. If you walk into a hospital, it’s really common to see computers unlocked, and the password stuck on the computer monitor. Because you’ve got to get to that computer to get someone some medicine, and that’s a different sort of environment to other critical bits of infrastructure.”
The Federal Court last year heard allegations from The Office of the Australian Information Commissioner that one of Medibank’s IT service desk operators had saved his Medibank username and password for a number of Medibank accounts to his personal internet browser profile on his work computer. The contractor’s admin account, which was obtained by a hacker, allowed access to most of Medibank’s system.
The report revealed that business email compromise remained the top incident type in 2024. BEC is a type of phishing attack that involves criminals sending fake emails to trick people into sending money or revealing sensitive information.
Cyber espionage incidents are also going unnoticed for longer, rising to an average time to detect of more than 400 days, up from 390 in 2023. In the case of Medibank, the hacker was allegedly able to remain in the company’s network for about two months, between August and October 2022.
Krebs said that increase was largely due to a change in strategy from hackers.
“It means, overall, that defenders aren’t winning,” he said. “And rather than going for a smash and grab, bad actors are often being stealthy and slow, and sitting inside networks for ages … The Chinese in particular are doing more of that.
“Cybersecurity is hard, and unfortunately, this stuff is going to keep happening and we’re getting more of it, not less.”
The vast majority of cyber incidents are financially motivated, rather than geopolitical or espionage-related, the research found. Almost two-thirds (65 per cent) of attacks were financially motivated, followed by incidents where the motivation was unknown (27 per cent) and espionage (5 per cent).
Research from cybersecurity firm Surfshark found that Australia ranked 11th globally for accounts breached in 2024, with 47 million breached accounts, a rate 12 times higher than it was in 2023.
It found that one user account was breached in Australia every second throughout 2024, and since 2004, Australia has had a total of 193 million user accounts exposed.
The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.