Exclusive

Hospitals ‘must bolster defence against hackers’

Hospitals will need to implement critical infrastructure risk management programs to protect against cyber-intrusions.

Security agencies have concerns over the vulnerabilities of Australia’s healthcare network, including hospitals, aged-care homes and medical research facilities, amid a surge in cyber-attacks.
Hospitals will need to implement critical infrastructure risk management programs to protect against cyber-intrusions, as state-based actors and transnational crime groups ramp up attacks on Australian healthcare operators.

The Australian understands security agencies have concerns over the vulnerabilities of Australia’s healthcare network, including hospitals, aged-care homes and medical research facilities, amid a surge in cyber-attacks during the COVID-19 pandemic.

The has also released advice for aged-care providers, with cyber-attackers attempting to scrape sensitive data and compromise systems.

Across the globe, cyber threat levels have increased following a series of successful and attempted attacks on hospital systems. In September, German police launched a homicide investigation after a woman died following a cyber-attack on the Dusseldorf University Hospital where hackers disabled computer systems.

The FBI last month warned the US healthcare system was facing an “increased and imminent” threat as cyber-criminals target hospital information systems.

The Australian understands the Morrison government’s overhaul of critical infrastructure laws is heavily focused on boosting the cyber defences of health sector organisations and research facilities. The Department of Home Affairs said under draft legislation, a “positive security obligation” would apply to public and private hospitals with general intensive care units.

Under the stricter regime, hospitals would be required to strengthen “resilience of … essential services by embedding preparation, prevention and mitigation activities into ongoing business practices”.

“Critical hospitals will be required to develop, and keep up to date, a critical infrastructure risk management program to manage any hazards which pose a material risk of impacting on the availability, integrity or confidentiality of the hospital,” a Department spokeswoman said.

The federal government’s exposure draft of the Security Legislation Amendment (Critical Infrastructure) Bill, released last week, will extend regulatory security obligations outside the electricity, gas, water and maritime sectors to include health, banking, finance, food and grocery, transport, higher education and defence industry companies and institutions.

The Office of the Australian Information Commissioner lists healthcare providers, ahead of the finance, superannuation, education and insurance sectors, as recording the most reported data breaches in the country.

Regis Aged Care — one of the nation’s biggest nursing home operators — in August confirmed it had been targeted in a cyber attack by an “overseas third party”. The attack copied data from the company’s IT system and released personal data.

The ACSC, which falls under the Australian Signals Directorate, currently lists the cyber threat to hospitals and aged-care operators as “critical”.

“The ACSC is aware of recent ransomware campaigns targeting the aged-care and healthcare sectors,” the August update said.

“Cyber-criminals view the aged-care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. A significant ransomware attack against a hospital or aged-care facility would have a major impact.”

The NHS in Britain was hit by WannaCry ransomware in 2017, crippling the systems of hospitals and GPs across the country.

As the global race to secure vaccines intensifies, security agencies are on high alert for increased cyber risks and the spread of disinformation. Five Eyes cyber security partners have increased targeting of state-based actors, linked with Russia and China, following spikes in coronavirus disinformation cyber campaigns and attempts to steal sensitive COVID-19 vaccine data.

Original URL: https://www.theaustralian.com.au/nation/politics/hospitals-must-bolster-defence-against-hackers/news-story/99218908195ba3a7e13e974fe26717db