Healthcare most vulnerable to cyberattacks in Australia: report

“Every seven minutes, a cybercrime is reported in Australia”

The healthcare industry was found to be the most affected sector by data breaches in Australia, according to the 2023 ForgeRock Identity Breach Report. 

Cyberattacks in healthcare contributed 16% of all the 890 data breaches recorded in Down Under last year, followed by finance (13%), and legal, accounting and management services with (7%), the report showed, citing compiled data from the government.

It said personal contact information like home addresses, phone numbers, and email addresses, was the most frequently sought-after information in data breaches recorded in the first half of 2022, similar to results in the preceding two years. 

Other sensitive data that were mostly targeted were identity information, financial details, health information and tax file numbers. 

Across all nations studied, which also includes Germany, UK and Singapore, ForgeRock said different sectors reported varying levels of resilience to cyberattacks with financial services, government, and retail showing fewer breaches due to stronger authentication practices, while healthcare and education showing weaker cybersecurity.

“Targeted attacks on third party service providers in healthcare and education demonstrate the need to deepen cybersecurity practices across their ecosystems,” it said. “While some industries have become more resilient, others remain vulnerable to attack."

In Australia alone, organisations filed over 76,000 cybercrime reports for the 2021-2022 financial year based on official records, up 13% previously indicating that cyberattacks were reported every seven minutes across the country. 

“Following high-profile incidents, including the Optus data breach in September and the Medibank data breach in October, which led to the spread of sensitive customer information on the dark web, there is rising concern about the local threat landscape,” it said.

The growing risk was met with increased budget for cybersecurity by the government, but ForgeRock noted that more can be done especially in terms of education to help the investments deliver meaningful business results.

Considering emergent cyber threats across industries, ForgeRock recommended focusing on eight strategic areas to prevent data breaches that include a Zero Trust framework and AI-driven threat protection systems.

The report also found how one stolen identity of a single authorized user can trigger a massive breach and third-party breaches posing a growing threat across all countries studied.