Why COVID-19 has made the health sector vulnerable to cybercrime

The healthcare sector has become an attractive target when it comes to cybercrime due to the high volume of sensitive patient information and the more likeliness to get paid ransom. According to an industry whitepaper by cyber security firm Kroll, there are five key vulnerability points in this section.

These are:

  • Rapid shift to remote working
  • Expansion of telehealth
  • Workforce under pressure
  • Interoperability
  • PPE shortages

Telehealth services and increased pressure on the industry have led to an 86% increase in healthcare data breach notification cases globally between March and September 2020.

The Notifiable Data Breaches Report written by the Office of the Australian Information Commissioner (OAIC) found that the healthcare industry experienced the most data breaches than any other industry. Between January and June 2020, the industry had 22% of notifiable data breaches.

Referring to the image below, these charts in the Notifiable Data Breaches Report show that health service providers are almost the most targeted industry in all cyber incidents.

How can we prepare to reduce these data breaches?

Louisa Vogelenzang, Associate Managing Director and Asia-Pacific lead for Identity Theft and Breach Notification services at Kroll, has identified the main areas for improvement.

  • Ensure multi-factor authentication is enabled for remote access.
  • Ensure security awareness programs are in place, and they include how to spot and report phishing emails, and best practices for sharing sensitive information.
  • Conduct reviews of third-party service providers.
  • Have an incident response plan, which includes scenarios such as ransomware and data breaches.

Additional findings in this whitepaper are that email compromise and malware has accounted for 62% of incidents reported this year. Other reports have found that Medicare numbers, medical insurance and credit care information is being stolen in these attacks and being sold on the dark web.

As telehealth services are increasing in the future, it is important that the healthcare industry have a good third-party risk assessment program to review security concerns and prepare for when an event such as a data breach occurs.


Hospital and Healthcare. 2020, Five reasons why COVID-19 has left the health sector vulnerable to cybercrime, Hospital and Healthcare, viewed December 1 2020, <https://www.hospitalhealth.com.au/content/technology/article/five-reasons-why-covid-19-has-left-the-health-sector-vulnerable-to-cybercrime-1158220727#axzz6fK0gWIqo>.

Office of the Australian Information Commissioner. 2020, Notifiable Data Breaches Report: January-June 2020, Australian Government, viewed December 1 2020, <https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-january-june-2020/>.

Adelaide Office
Melbourne Office
Sydney Office
Brisbane Office