eHealth NSW looking at next generation of security professionals
NSW Health has teamed up with the Australian Computer Society (ACS) to offer internships to undergraduate students in architecture and cyber security in healthcare, based at eHealth NSW's headquarters in Sydney's Chatswood.
eHealth NSW chief information security officer Gilbert Verdian said the partnership was aimed at fast-tracking career paths to get people interested in the area, which was in the headlines this week with the widely publicised viral attack on Royal Melbourne Hospital.
It also comes as the federal government gets set to release its long-awaited update to the national cyber security strategy, first developed in 2008.
Mr Verdian said eHealth NSW had contributed, together with other states and territories, to the new strategy, which he said was aimed at addressing the global cyber security skills gap and improving the nation’s capabilities in this area.
“The intern program we are running now is our way of fostering talent in this area and one of the ways we are contributing to the cyber security strategy,” he said.
Information security in the healthcare sector has in the past struggled to gain the maturity levels of industries such as banking but that seems to be changing, particularly driven by events in the US.
US healthcare organisations have been the target of numerous attacks, particularly health insurers. One of the most widely publicised was the attack on health insurer Anthem last October, in which the data of 80 million people was compromised.
A Ponemon Institute report in May revealed that criminal attacks were now the leading cause of data breaches in healthcare in the US, and in July, the US FDA issued its first ever cyber security alert for a specific product, revealing there were vulnerabilities associated with Hospira's Symbiq infusion pump that meant it was possible to access the system through a hospital's network and change the dosage the pump delivers.
In Australia, most attacks have been limited to ransomware attacks on general practices but those are the ones that have come to light. Attacks on hospital systems are a constant threat but few come to light as prominently as Royal Melbourne's experience has this week.
Mr Verdian said NSW Health had been alerted to the virus, which turned out to be a new variant of the Qakbot worm, also known as the Qbot worm, which is known to infect the Windows XP operating system, amongst others.
Mr Verdian said that eHealth NSW, working in conjunction with antivirus vendors, had advised NSW Health facilities to take a number of measures to mitigate risk of infection from the virus.
While XP is no longer widely used in NSW Health – Mr Verdian said a replacement program began over two years ago and there were very few instances left – it was a lesson in just how common the threats are to hospitals in the particular.
Mr Verdian said NSW had not seen a serious breach of its hospital systems, but that healthcare organisations get the same amount of spam, probing and port scanning as any other organisation connected to the internet.
“What we have is a lot of robust controls our systems,” he said. “We've developed something called the Privacy and Security Assurance Framework that bakes in security right from the beginning of a project, from the concept right through to the implementation and post-implementation.
“There are gateway checks and it is quite rigorous. That builds in security from the beginning. All of our projects are quite large – $100 million plus in some cases – and our budget in eHealth is over a billion dollars over 10 years, so we are doing a lot and we are building security into everything.”
Mr Verdian said the partnership with the ACS was part of NSW Health's commitment to doing its bit to help encourage people into a career in health information security, which can be a tough ask.
“It is hard to find good security professionals with healthcare experience as it is a new angle to security,” he said. “Not many people would know all the applications in health and how to secure them. And even getting into security is hard – when I was a grad there was no such thing as a security function. My path started on a Bigpond help desk.
“It is a difficult field to land in so what we want to do is help train the next generation of practitioners who can help protect the country and contribute to the national cybersecurity strategy.”
Undergraduate students interested in applying for an internship in healthcare architecture and cyber security with eHealth NSW can apply here.
Posted in Australian eHealth