CI-ISAC Australia Debuts Health Cyber Sharing Network

CI-ISAC Australia has been selected as the recipient of an Australian Government AUD6.4 million grant to create a health-specific, information-sharing and analysis centre for Australia’s healthcare industry.

With the Australian Government grant, CI-ISAC has created a new Health Cyber Sharing Network (HCSN) which will focus on enabling Australia’s health sector organisations to collaborate and break down information silos, enabling the exchange of valuable cyber security threat information more quickly within a secure and confidential environment.

The Health Cyber Sharing Network aims to better equip health sector organisations to manage and mitigate current and emerging cyber security threats. With health and medical organisations joining and participating in CIISAC’s Health Cyber Sharing Network, the cyber threat intelligence that is shared into the network by these organisations will not only support the overall improvement of cyber resilience across Australia’s health sector, it will further support Australia’s Critical Infrastructure organisations more broadly, which have interdependencies across the health sector.

Recent cyber-attacks on Australian healthcare organisations, including health funds and hospitals, have led the Australian Government to prioritise the health sector by identifying it as the first to receive formal funding.

In 2023, the global healthcare industry reported the most expensive data breaches for the 13th year in a row, at an average cost of AUD10.93 million, almost double that of the financial industry, which ranked second, with an average cost of AUD5.9 million.

Currently, Australia’s health sector comprises organisations such as public and private hospitals (approximately, 750 government hospitals and 650 private hospitals), health insurance providers, medical clinics (approximately, 6,500 general practitioner clinics), as well as a large number of health and medical-related third-party suppliers and vendors.

“The health and medical sector holds a large amount of incredibly private and personal medical and financial information,” said CI-ISAC Australia CEO David Sandell. “We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyberattacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”

The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, said the Health Sector Information Sharing and Analysis Centre Acceleration Grant is an important contribution to Australia’s ambition to become a world leader in cyber security by 2030.

“We have seen in recent years the very real impact that healthcare-related cyberattacks can have on millions of Australians,” she said. “Increasing threat information sharing contributes to the prevention of cyber-attacks and builds resilience. Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cyber security and is the driving concept behind this grant.”

To kickstart the Health Cyber Sharing Network, CI-ISAC is inviting eligible health and medical organisations and their suppliers to participate by providing a complimentary CI-ISAC membership for 12 months to join and participate in this new cyber security information-sharing network.
By joining the network, new health members will get access to the depth and breadth of CI-ISAC’s current Critical Infrastructure member base, providing health organisations with valuable closed-source, cross-sectoral cyber threat intelligence information from organisations with high cyber maturity.

As a not-for-profit organisation, CI-ISAC facilitates collaboration and the bi-directional sharing of cyber threat intelligence within a trusted, industry-led environment. With the addition of this funding, CI-ISAC will incorporate education for the health sector on mitigating threats, cyber and insider threat training, attack surface monitoring, and improving cyber incident response plans.

CI-ISAC’s current members span Australia’s 11 Critical Infrastructure sectors, including government, local government, higher education, and industries including energy, water, telecommunications, financial services, data storage and processing, healthcare, and transport. Its existing 100+ members include Google Cloud AU, NBN, AARnet, NextDC, DXC Technology, the Department of Industry, Science and Resources, Challenger Group Services, Transgrid, Sunshine Coast Council, and the University of the Sunshine Coast.

“The value for all sectors increases exponentially as more participants join the trusted network and share their own insights,” said Sandell. “Cross-sector sharing improves incident detection and response times, enabling health organisations and their suppliers to act more swiftly on threats observed in other industries.”