Healthcare is a sector strongly targeted by cyber criminals [1], with over 200 notifications of data breaches reported by Australian health service providers in 12 months alone. The industry is increasingly suffering from cyber crime incidents — which occur in Australia every six minutes and are now the leading concern for businesses [2].

In addition, regulatory requirements make it a legal obligation for Australian companies to prevent and manage cyber risks, with civil penalties of up to $50 million for failure to protect personal information, significantly increasing the potential loss exposure for healthcare providers.

Why healthcare is highly targeted by cyber criminals

Healthcare data is highly sensitive private information, and as the healthcare sector becomes even more digitised and technology driven, hackers are taking advantage of vulnerabilities. Healthcare data is extremely valuable to cyber criminals: the sensitivity of patient information gives them leverage for ransom demands, and the interruption of healthcare services adds further pressure on the victim.

The sensitive nature of healthcare information can lead to substantial compensation claims and regulatory fines if records are lost or stolen, so ensuring adequate cybersecurity measures, including detecting breaches, implementing prevention plans and enabling recovery processes, is vital.

When an industry sector is targeted by both cyber attackers and security regulations, taking a proactive approach to risk management, minimisation and containment is absolutely critical.
Robyn Adcock, Gallagher national placement manager Cyber and Technology

Failure to implement these cyber risk measures can lead to legal and reputational consequences for directors and healthcare organisations involved if a cyber breach occurs.

6 top cyber risks in healthcare

  1. Ransomware: If a malicious actor gains unauthorised access to your system and holds it to ransom, this could severely impact your ability to provide healthcare services, resulting in financial loss and potential damage to your reputation.
  2. Data privacy exposure: Unauthorised access to, and manipulation of, patient or employee information (such as medical records, private health insurance details, personally identifiable information and credit card information) can lead to regulatory penalties, patient lawsuits, class actions and serious reputational harm.
  3. Medical devices and systems impact: Misconfiguration or failure of internet-connected medical devices (including mobile devices, mobile platforms and cloud services) can result in data breaches and the risk of bodily injury to patients.
  4. IT disruption to critical information processing systems: Disruption of access to electronic health record systems or cloud storage can also have a severe impact on operational functions.
  5. Business interruption: Reliance on systems and networks to deliver patient care has potentially detrimental consequences if a cyber breach causes downtime, outages and offline activity.
  6. Financial scams: Electronic funds transfer fraud and business email compromise (BEC). Falling victim to a fraudulent funds transfer scam results in financial loss and reputational harm.

Healthcare data breach case study: Ransom demand

A private healthcare clinic sustained a cyberattack with hackers threatening to post stolen patient data on a public website unless they received a $20,000+ ransom in bitcoin.

The clinic notified its cyber insurer and immediately obtained advice from the incident response team on how to quickly address the vulnerability. In parallel, specialist IT forensics investigators quickly identified that data relating to 3,000 patients had been compromised. Luckily, no sensitive medical data had been accessed.

Rather than paying the ransom demand, the clinic accessed guidance from a crisis communications consultant, who recommended notifying affected patients to minimise reputational damage. After taking this approach, the clinic didn't hear from the hackers again.

The clinic's cyber insurance policy covered the costs of the IT forensics company and the crisis communications company, less the small policy deductible [3].

Essential steps if your healthcare organisation is hacked

  • Notify your insurer: Call the emergency incident response hotline number provided with your cyber policy.
  • Investigate: An incident response manager will gather all available information and advise what you need to do next, such as determining which services to engage (e.g., legal, IT forensic investigators, ransomware negotiators, public relations).
  • Coordinate: The incident response manager will coordinate with the expert services and determine the cause and extent of the damage. This should inform how to develop a strategy to neutralise the threat and reduce reputational harm to your organisation.
  • Contain, eradicate and recover: New issues may be uncovered by the incident response process. Reporting and communication are critical during this phase to enable management and key stakeholders to decide how to tell clients, shareholders and employees what has happened.
  • Post-incident feedback: Once the threat has been neutralised, understanding the cause of the incident is critical to being able to make an informed review of relevant security frameworks to prevent a similar incident from occurring again. The feedback from IT forensic, legal and PR firms can help to improve your incident response plan, processes and procedures.

How cyber insurance can help contain data breach damage

A comprehensive cyber insurance policy covers the following expenses and access to expertise:

  • Breach response (covers cost of mitigating the incident)
  • 24/7 hotline assistance, including coordination of access to experts, legal advice (including guidance on privacy obligations) and ransom negotiations
  • IT forensic investigations
  • Crisis management and communications, including customer notifications, credit monitoring and public relations.

Strengthen cyber resilience with strategic planning and insurance

Having a detailed cyber breach response plan and providing preventative employee training are essential components of preparedness. Healthcare providers need to take a structured strategic approach to cyber security through a purpose-designed framework which is maintained, reviewed and updated regularly.

Cyber insurance can provide help with costs and accessing necessary expertise for responding to an attack. Talk to a Gallagher cyber specialist today to learn more about managing and transferring these increased risks.


Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes, which only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312.