Australia’s CI-ISAC secures $6.4 million government grant; set to bolster cyber resilience in healthcare
The CI-ISAC Australia has been awarded a $6.4 million grant from the Australian government to establish a dedicated information-sharing and analysis center for the nation’s healthcare sector. This initiative comes in response to recent cyber-attacks targeting Australian healthcare entities, such as health funds and hospitals, prompting the government to prioritize the health sector as the first to receive formal funding.
With the Australian Government grant, CI-ISAC has created a new Health Cyber Sharing Network (HCSN), which will focus on enabling Australia’s health sector organisations to collaborate and break down information silos, enabling the exchange of valuable cyber security threat information more quickly, within a secure and confidential environment.
The HCSN aims to better equip health sector organisations to manage and mitigate current and emerging cyber security threats. With health and medical organisations joining and participating in CI- ISAC’s HCSN, the cyber threat intelligence that is shared into the network by these organisations, will not only support the overall improvement of cyber resilience across Australia’s health sector, it will further support Australia’s Critical Infrastructure organisations more broadly, which have interdependencies across the health sector.
“The health and medical sector holds a large amount of incredibly private and personal medical and financial information,” David Sandell, CEO of CI-ISAC Australia, said in a statement. “We have already seen several high-profile data breaches in the health sector, and the new network can help members reduce their cyber risks. Cyber- attacks can also greatly disrupt important health services, and this industry cannot afford interruptions with patients’ wellbeing at stake.”
In 2023, the global healthcare industry reported the most expensive data breaches for the 13th year in a row, at an average cost of AUD$10.93 million, almost double that of the financial industry, which ranked second, with an average cost of $5.9 million.
Currently, Australia’s health sector comprises organisations such as public and private hospitals (approximately, 750 government hospitals and 650 private hospitals), health insurance providers, medical clinics (approximately, 6,500 general practitioner clinics), as well as a large number of health and medical- related third-party suppliers and vendors.
CI-ISAC provides a cyber ‘neighbourhood watch’ for Australian health providers to share relevant information on cyber threats, while also benefiting from insights gained from across other critical infrastructure sectors.
The National Cyber Security Coordinator, Michelle McGuinness, said the Health Sector Information Sharing and Analysis Centre Acceleration Grant is an important contribution to Australia’s ambition to become a world leader in cyber security by 2030.
“We have seen in recent years the very real impact that healthcare-related cyber- attacks can have on millions of Australians. Increasing threat information sharing contributes to the prevention of cyber-attacks and builds resilience,” according to McGuinness. “Many in the healthcare sector would know well the philosophy that prevention is better than a cure. This also applies to cyber security and is the driving concept behind this grant.”
She added that strong industry collaboration and enhanced threat detection through the work of CI-ISAC will increase the protection of Australians’ sensitive health data.
To kickstart the HCSN, CI-ISAC is inviting eligible health and medical organisations and their suppliers to participate by providing a complimentary CI-ISAC membership for 12 months to join and participate in this new cyber security information-sharing network. By joining the network, new health members will get access to the depth and breadth of CI-ISAC’s current critical infrastructure member base, providing health organisations with valuable closed-source, cross-sectoral cyber threat intelligence information, from organisations with high cyber maturity.
As a not-for-profit organisation, CI-ISAC facilitates collaboration and the bi- directional sharing of cyber threat intelligence within a trusted, industry-led environment. With the addition of this funding, CI-ISAC will incorporate education for the health sector on mitigating threats, cyber and insider threat training, attack surface monitoring, and improving cyber incident response plans (CIRPs).
CI-ISAC’s current members span Australia’s 11 critical infrastructure sectors, including government, local government, higher education, and industries including energy, water, telecommunications, financial services, data storage and processing, healthcare, and transport. The agency has a membership of over 100 entities, including Google Cloud AU, NBN, AARnet, NextDC, DXC Technology, the Department of Industry, Science and Resources, Challenger Group Services, Transgrid, Sunshine Coast Council, and the University of the Sunshine Coast.
“The value for all sectors increases exponentially as more participants join the trusted network and share their own insights,” Sandell added. “Cross-sector sharing improves incident detection and response times, enabling health organisations and their suppliers to act more swiftly on threats observed in other industries.”
This week, the CI-ISAC appointed David Gee as a new ambassador for the CI-ISAC effective Jan. 30, 2025. Gee brings extensive experience to this role. With over 25 years of leadership in technology, cybersecurity, and risk management, he has played a key role in transforming IT infrastructures and enhancing digital security for major organizations worldwide.
link
