Skip to main content

Health Sector Snapshot

This Sector Snapshot is designed to enhance awareness of key cyber security threats in the health sector and advise executives and cyber security professionals within the health sector on what they can do to protect their organisation from cyber threats. This report provides a high-level overview of the cyber security environment from 1 January to 31 December 2020.

The ACSC has published the 2020 Health Sector Snapshot which is designed to enhance awareness of key cyber security threats in the health sector, and advise hospitals, research organisations and others on what they can do to protect themselves from cyber threats.

COVID-19 has fundamentally changed the cyber threat landscape for the health sector. 

The ACSC is working closely with healthcare organisations to lift their cyber defences, including those involved in the COVID-19 vaccine research, manufacturing and distribution.

The ACSC assesses that ransomware is currently the most significant cybercrime threat to the Australian health sector.

Keeping software up to date, using multi-factor authentication, and having current backups stored offline are the best ways to protect you and your organisation from a ransomware attack.

The ACSC released two practical guides on ransomware at the launch of its new cyber security campaign. Both urge all Australians to be alert to online threats and encourage businesses, organisations and households to access easy-to-follow cyber security advice on

Australian individuals, businesses and organisations need to be alert to cybercriminals adapting their scams to exploit the public’s interest for information on COVID-19, including vaccines.

Health sector organisations are encouraged to apply to join our Partnership Program to receive threat alerts and advice to strengthen cyber defences.

If you are impacted by a cyber security incident you can report it through the ACSC’s ReportCyber, which is managed on behalf of federal, state and territory law enforcement agencies, providing a single online portal for individuals and businesses to report cybercrime.