‘Lives on the line’: attacks against hospitals, health services double in Australia

Australian hospitals, GP clinics and emergency services are facing double the number of criminal threats, putting patients at risk.

AUSTRALIAN lives are being put at risk by skyrocketing ransomware attacks on hospitals, GP clinics, and emergency health services, according to cybersecurity experts, who say the attacks have doubled over the past year.

Online threats to health agencies are now so common, they outnumber attacks on finance and insurance firms, and ransoms paid to criminals are up by more than 400 per cent to an average of $1.12 million.

Royal Flying Doctor Service Queensland chief technology officer Adam Carey said threats to the organisation had become so bad it was forced to employ greater security amid concerns one successful attack could prevent injured patients being seen on time.

Royal Flying Doctor Service Queensland pilot Gordon Edwards and flight nurse Jen Williams. The RFDS is one of many health organisations increasingly being targeted by sophisticated online criminals. Picture: Zak Simmonds

The health warning comes after cybersecurity firm Darktrace conducted an “early indicator analysis” of ransomware attacks in Australia and found attempts to infiltrate healthcare networks doubled last year compared to 2020.

And the ransomware attacks are still soaring, rising another 37 per cent between January and March this year.

Darktrace enterprise security director Tony Jarvis said hospitals and other services had been used as a “testing ground” by ransomware gangs in the past but became their biggest target during the pandemic.

“When we’re talking about hospitals and health care, these critical organisations can’t function without access to their IT systems so you could argue they might have lives on the line,” he said.

“Hospitals are overwhelmed, they’re under-resourced, and it’s almost like a perfect storm for attackers.”

Mr Jarvis said low budgets, complicated and antiquated technology, and highly sensitive patient data made healthcare “a golden opportunity for attackers” willing to overlook the risk to patients.

At the Royal Flying Doctor Service, for example, an alarming number of attacks on executives forced the group to take action to protect its data, Mr Carey said, including vital patient records.

Criminals regularly targeted executives with messages to trick them into installing ransomware or paying fake invoices, he said.

Adam Carey, chief technology officer for the Royal Flying Doctor Service Queensland, says the organisation had to employ new technology to prevent ransomware.

“Our CFO and CEO get very cleverly crafted, targeting phishing attempts all the time,” he said.

“We’re even seeing supply chain infiltration where they’re trying to simulate being a supplier and putting in invoices for automatic payment and hoping that they’ll get in that way.

“It’s all about exfiltrating money from any soft target. They don’t care that we provide an excellent service to the community; they have absolutely no ethics or morals whatsoever.”

Mr Carey said the service employed Rubrik to set up “immutable” backups to ensure it could always access up-to-date data, limited who could access systems within the company, employed multi-factor authentication, and provided staff training about incoming cyber threats.

The investment, he said, was necessary as the service had “no tolerance for a cyber incident” as it could impact the 98,000 patient flights it makes each year.

“Even if we did pay a ransom and there was downtime, that downtime would have a significant effect on people and after only a short time it would have a pretty big impact on patient care,” he said.

“If anything like that impacted on patient care, we’d be in a very bad place. The RFDS is the most reputable charity in Australia, 10 years running, and it’s important that reputation is protected.”

A recent international survey undertaken by Sophos also showed ransoms demanded by hackers skyrocketed from an average of $236,000 in 2020 to more than $1.12 million in 2021.

Researchers also found almost half of organisations hit by ransomware paid criminals to retrieve their information.

The Australian Cyber Security Centre recommends that victims not pay criminal ransoms and instead contact its hotline for advice on 1300 CYBER1.

Originally published as ‘Lives on the line’: attacks against hospitals, health services double in Australia

Original URL: https://www.heraldsun.com.au/truecrimeaustralia/lives-on-the-line-attacks-against-hospitals-health-services-double-in-australia/news-story/24afed29bc8281f9edf1cc50b2f3fe54