Cybersecurity in Australia’s healthcare in a positive trend

The Australian healthcare sector is on the right track in cybersecurity, with boards and executive groups heavily invested in bolstering it.

Australia’s cybersecurity in the healthcare sector is seeing a positive trend, following the appropriate funding and growing team working on strengthening cybersecurity measures.

Ryan La Roche, GM Digital Security at St. John of God Healthcare, said that there has been a lot of interest in the Australian region in general and the healthcare sector has benefited from it.

“From my observations, we're seeing boards, very engaged executive groups, very engaged in cybersecurity. The appropriate amount of capital and budget has been assigned, teams have been enabled to grow, so I think it's all trending in a really positive direction,” he said.

La Roche emphasised a multi-pronged approach when asked about the cybersecurity measures needed when healthcare providers collaborate with third-party providers, saying that it needs to start very early in the relationship.

“They should be working very closely with legal and procurement departments to get the right kinds of terms and conditions within contracts to put your third parties on the hook to deliver their services in line with minimum standards around cybersecurity,” he explained.

He said that collaborative efforts between healthcare providers and legal and procurement departments can lay down stringent terms and conditions within contracts, adding the importance of a program that offers the right to audit these third parties, thus maintaining continuous oversight of the risk profile.

“Also having tooling in place just to detect if things do go through the cracks. And they don't go via those normal legal and procurement challenge channels that you're able to identify them and and remediate them as they come about,” he added.

La Roche pointed out that merely increasing the budget for cybersecurity efforts isn't a complete solution, emphasising that the more significant challenge lies in establishing a culture of cybersecurity awareness throughout the organisation.

“You can have investment in cybersecurity tooling. But ultimately, if nobody outside of the cybersecurity function cares about cybersecurity and doesn't feel an ownership around cybersecurity, things are always going to break down; people are almost always the point of failure in a cyber attack,” he said.

“So that effort to build cyber culture in an organisation and that effort to build joint ownership for every last person within an organisation, having to play a role with cybersecurity, is equally as important as just investing money and building out cyber capabilities,” La Roche finished.