From ransomware to resilience: navigating data risk in health care

Netskope

By Tony Burnside*
Friday, 06 March, 2026


In Australia, health care has been the industry most exposed to data breaches in recent years. Here are some key data security challenges and risks healthcare organisations in Australia are currently facing — and potential ways to mitigate them.

Today, the health industry is racing to transform how it delivers care. Both patients and clinicians want seamless connections between care pathways, improved efficiency and better health outcomes. In this quest, hospitals and practices are digitising at speed by adopting smarter, connected devices, migrating records and applications to the cloud, and embracing AI.

But this digital transformation sweeping through health care means that every system, from scheduling to radiology, is now dependent on uninterrupted digital access to a vast store of highly sensitive personal information. This is where the healthcare industry risks losing its balance: with every digital advancement comes more exposure to risk. Data access is critical, but data security is essential.

Valuable data and aging systems

In Australia, health care has been the industry most exposed to data breaches in recent years [1]. This is often attributed to the wealth of data it holds, which is extremely attractive for cybercriminals; but the widespread legacy systems and technical debt in the sector have also become liabilities, making healthcare organisations easy targets for attackers. Decades-old electronic healthcare record (EHR) systems, mainframes and custom applications are difficult to patch or integrate with modern workflows and systems. Pandemic-era quick fixes — most notably VPNs bolted onto aging networks — have also become weaknesses.

This has left many healthcare organisations with legacy and fragmented IT infrastructures that hinder visibility over workflows and data movements, create security gaps, inflate costs and threaten the ‘always on’ reliability that health care depends on.

Understanding healthcare risk

When it comes to risk in health care, the impact goes far beyond fines or reputational harm. Lives are in jeopardy when critical systems go down, and the loss of sensitive records can shatter patient trust.

Ransomware is a particularly acute threat. When clinicians are locked out of essential tools and patients face treatment delays, the pressure to pay becomes overwhelming. Ransomware-as-a-service has made it easier than ever to launch sophisticated campaigns, accelerating breaches across the sector and fuelling a cycle of cybercrime. Ransomware is just one weapon in a growing arsenal of tactics available to cybercriminals, all of which can paralyse care delivery if they are successful.

Insider and third-party exposure is another key challenge for healthcare organisations. With the sophistication of social engineering, an increasing proportion of successful data breaches and cyber incidents are now associated with human error. Overstretched medical staff, contractors or third-party providers who click a malicious link, open an infected file or are lured into sharing credentials and sensitive files with the wrong people can all compromise the entire organisation.

Meanwhile, the rapid adoption of AI is creating new channels for sensitive information to slip through the cracks via generative AI prompts, outputs and AI tools used by healthcare staff outside the purview of security teams and without security guardrails. Together, these pressures form a complex, converging risk landscape that traditional perimeter defences and point solutions are not designed to handle.

Unifying security for modern care

As the health industry gets serious about the effective use of data to inform care pathways and improve health outcomes, it must also improve the architectures it implements to secure that data. Piecemeal solutions are simply not good enough, leaving organisations with complex security architectures that are hard to monitor and manage, and made of poorly integrated tools that do not communicate well with each other.

Data security needs to be unified, meaning that it closes the gaps that allow risk to spread across the system, with security tools that complement each other and are part of the same fabric. Healthcare organisations need to be able to see and manage their network, and the full spectrum of risk it might be exposed to, through a single interface, and converge access control, data protection and threat prevention around users and data for more efficiency. Data protection is an essential piece of the puzzle and should be able to protect data in motion as well as data at rest, and across web traffic, cloud/SaaS applications and AI environments.

At the heart of this model, zero trust principles should restrict users’ access in real time based on their context. Security should be smart enough to consider a user’s location, device and behaviour, and adjust access rights accordingly. This ensures that clinicians, contractors and third parties are granted only the access they need, when they need it, and no more.

By unifying data security, healthcare organisations gain unified visibility, enabling them to manage risk, from exposure to disruption, and analyse events and data through one consistent framework. Modern health care’s greatest opportunity and challenge lies in managing data risk without slowing technological progress. The organisations that achieve this will deliver care that is secure, connected and trusted without compromise.

*Tony Burnside is Head of APAC at Netskope.

1. Office of the Australian Information Commissioner, Notifiable data breaches report: July to December 2024, May 2025 [Internet]. Sydney (AU): OAIC; 2025. https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2024

  • All content Copyright © 2026 Westwick-Farrow Pty Ltd