ForgeRock: Identity security crucial for healthcare providers

Last year in Australia, cyber attacks largely targeted identity credentials; however, organisations, particularly in the healthcare sector, may not be aware of the threat, new research finds.

ForgeRock, a digital identity company, released its 2020 Consumer Identity Breach Report, which compares Australian cyber incidents with those in the US, UK and Germany.

OAIC statistics showed that between July and December 2019, 74% of cyber incident breaches targeted identity credentials, including phishing, stolen or compromised credentials and brute force attacks.

This puts Australia on par with other markets, where phishing, malware, unauthorised access and ransomware dominated, ForgeRock states.

However, Australia’s healthcare sector comprised only 22% of total breaches reported to the OAIC, far below the UK and the US, where healthcare comprised 51.5% and 45% of data breaches respectively.

ForgeRock regional VP James Ross says that, with organisations in many sectors often unaware of a breach until after the incident has occurred, this gap is due to Australian healthcare providers remaining unaware that they have been attacked.

Ross says, “A comparison of Australian data breaches against other markets indicates that Australia's healthcare sector may not be aware of the full number of data breaches it is incurring.

“OAIC figures show that the health sector attracted 22% of self-reported data breaches in 2019, far less than 51 and 45% in the UK and the US respectively.

“Since organisations from all sectors often only realise they have suffered a breach when their data appears on the dark web, Australia's healthcare sector may be suffering a higher number of breaches than reported.”

He says, “It's also important to highlight the role of identity in cyber breaches. Between July and December, 74% of malicious or criminal data breaches reported were as a result of compromised identity.

“This means that whether through phishing, stolen or compromised credentials or brute force attacks, malicious actors are elevating attacks through identity access to find personal and sensitive data.”

Ross says as digital transformation is embraced and new solutions are adopted, healthcare organisations in particular should look into actioning more robust security measures.

He says, “As our healthcare, financial services and other sectors move toward API-powered models, whereby multiple organisations can access and leverage data, identity management is only going to become more critical to the security of valuable private information.

“CIOs and CSOs must prioritise identity management alongside threat intelligence and end-point security in taking an identity-first approach that will enable firms to significantly reduce risks whilst enabling innovation through more efficient and secure data access.”

He says, with security experts raising concerns about risks to My Health Record APIs, now is the time for organisations in all sectors to rethink identity and credentials as a cornerstone of cybersecurity policy.