$6.4m to combat health sector cyber threat


Brandon How
Reporter

The federal government has awarded $6.4 million to an industry-funded cyber threat intelligence network to establish a information sharing and analysis centre for the healthcare sector.

The Critical Infrastructure Information Sharing and Analysis Centre (CI-ISAC), a not-for-profit, will use the funding to bring on additional full-time staff and upgrade its technical information sharing platform.

Its new Health Cyber Sharing Network will offer memberships to the healthcare industry free of charge for 12 months, with the intention that the network will become self sufficient through fees at the end of the grant period.

The funding from the Health Sector Information Sharing and Analysis Centre Acceleration Grants Program delivers on the federal government’s commitment to fund a health-dedicated ISAC as a part of its 2023-2030 Cyber Security Strategy.

CI-ISAC chief executive David Sandell told InnovationAus.com the funding will allow the centre to boost its full-time equivalent staff from three-and-a-half to 15, with new roles to be focused on the healthcare sector.

The additional staff will add to the roughly 20 existing volunteers supporting information sharing across Australia’s 11 critical infrastructure sectors, including energy, finance and transport.

The new grant funding, awarded late last month, will also fund upgrades to CI-ISAC’s technical platform for information sharing, including new intelligence feeds, as well as education and training programs.

Members of the Health Cyber Sharing Network will receive education on mitigating cyber and insider threats, and monitoring the attack surface. It will also assist with improving cyber incident response plans.

Mr Sandell said it is “extremely important” the healthcare sector be supported with a dedicated ISAC given the “large amount of incredibly private and personal medical and financial information” it holds.

According to the group, the healthcare sector has experienced the most expensive data breaches of all sectors for the last 13 years, as of 2023. The cost of each data breach comes in at around $11 million on average.

Mr Sandell said the new Health Cyber Sharing Network forms a “nice symbiotic relationship” with the other CI-ISAC members, which will also benefit from the upgrades to the technical platform and increased information sharing.

The CI-ISAC currently facilitates cyber threat information sharing and analysis for more than 100 members including the federal industry department, Google Cloud AU, NBN, AARnet, NextDC, and DXC Technology.

While the centre doesn’t have “hard numbers” on the effectiveness of threat sharing, Mr Sandell said, “we’ve got an almost 100 per cent renewal rate in terms of members, and we’re going into the third cycle”.

The Health Cyber Sharing Network is already receiving information from the Australian Cyber Security Centre’s Cyber Threat Intelligence Sharing service, and will stand to benefit from an intelligence sharing arrangement with the global Health-ISAC.

The CI-ISAC is currently working to deepen the partnership, which began in March 2024, to enable access to more products, services and events under the initial memorandum of understanding.

Project Secure Health was also initiated last year in collaboration with Cloudflare to provide Australian general practitioner clinics with less than 50 staff free access to the multinational’s network security products in addition to CI-ISAC intelligence.

National Cyber Security Coordinator Lieutenant General Michelle McGuinness said the Health Sector Information Sharing and Analysis Centre Acceleration grant will help prevent cyber attacks and build resilience.

“Strong industry collaboration and enhanced threat detection through the work of CI-ISAC will increase the protection of Australians’ sensitive health data,” Ms McGuinness said.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories