20
Oct

Surging Cyber Threats in Healthcare

Australian healthcare faces a steep rise in cyber risks, growing in scale and sophistication. Cybercriminals are keenly seeking systems holding patient records, research results, financial data, and billing information. These are high-value assets that make healthcare uniquely attractive. Unlike other sectors, providers cannot afford downtime, so attackers know a breach can delay treatment, trigger investigations, damage trust, and create costly recovery bills.

What the Figures Show

The average cost of a healthcare breach in Australia hit AUD $10.93 million in 2023, nearly double that of the finance sector.

Eftsure data confirms that between July 2023 and June 2024, healthcare accounted for more cyber events than any other non-government sector—beating financial services, education, and even transport infrastructure.

In early 2024, healthcare reported 102 breaches, the most of any sector.

Two in five healthcare organisations faced cyber incidents in 2023, and over 90% involved personal data.

Generative AI – Tool and Threat

Generative AI is driving change for both attackers and defenders in healthcare. Attackers now use AI for phishing, deepfakes, and scanning weak points, while clinics use it to spot anomalies and respond faster.

Holocron Cyber tracked a 63% surge in AI-driven ransomware bombarding Australian medical practices over just three months.

The CyberCX report warns AI is both opportunity and threat, with weak oversight increasing exposure. There has also been a 71% year-on-year rise in global attacks on healthcare, driven by the unpredictable advances in AI.

Which Healthcare SMEs Are Under Greatest Risk

GP clinics, physiotherapists, consultancies, and aged care homes are up to ten times more likely to be attacked than hospitals.

Rapid digitisation and technology debt (old systems) make these sub-sectors prime ransomware targets.

According to the Australian Ageing Agenda, aged care groups are especially exposed, encountering more extortion-driven cyber incidents than other types, compounded by leaks of deeply personal information.

What This Means for Costs and Response

Australian healthcare ransomware cases have reached a four-year record high according to industry trackers. Only one in five recovered within a week; most took over a month.

Eftsure says 73% of ransomware cases led to service delays or interruptions in patient care, with average downtime of 34 days. Regulatory compliance costs for smaller healthcare organisations have also topped $120 million in the past year, with penalties growing for those not keeping pace with requirements.

Business email compromise (BEC) is still a favoured tactic. CyberCX’s threat report found that 75% of BEC breaches dodged multi-factor authentication by hijacking sessions.

Protecting Against the Next Wave

SMEs can boost defences and cut risk by taking these practical steps, which insurers have widely endorsed:

  • Update legacy systems: prioritise patching, close security gaps from old tech, and replace unsupported apps
  • Secure authentication: require multi-factor authentication, guard against session hijacks, and limit staff access to sensitive records
  • Staff awareness: run regular phishing simulations, train teams on digital hygiene, and set clear access rules
  • Backup and recovery planning: run frequent, tested backups, consider off-site or cloud storage, and emergency restore drills
  • Review insurance cover: ensure policies cover new risks, such as AI-enhanced threats, regulatory fines, extortion, and business downtime

A quarter of Australian hospitals lack robust cyber protection protocols. That leaves patients, clinicians, and even suppliers exposed to fraud.

Almost 9 in 10 people ask about data security before choosing a provider, and a third are highly worried about leaks.

Cover That Keeps Pace with Cyber Threats

Partnering with us makes all the difference

We’re here to help check if your policy stacks up against emerging cyber threats, spot gaps you might not see, and keep your business on the front foot if something happens. Cyber risks in Australian healthcare aren’t just a headline; threats are happening now. Let’s get your cover and readiness sorted, so you’ll be prepared whenever a cyber incident arises.


Article Supplied by OneAffiniti

Photo by Leo Wolfert