ADHA starts turning cyber security strategy into reality

By on
ADHA starts turning cyber security strategy into reality

iTnews talks to CISO John Borchi.

The Australian Digital Health Agency (ADHA) marked the start of implementing its latest cyber security strategy with a flurry of requests for information (RFIs) late last month.

ADHA CISO John Borchi told iTnews the work program is the first phase in realising the cyber-security plan published by the agency in March this year [pdf]. 

Borchi said the strategy responds to changes in the threat landscape in recent years.

One of those changes, he said, was demonstrated in how the Log4j vulnerability unfolded.

At first, the ADHA’s expectations were in line with most people in cyber security – the vulnerability would be patched “pretty quickly”.

That turned out not to be the case: security teams in vendors around the world are still discovering dependencies on unpatched software that exposes their systems to Log4j, and will be doing so for some time. 

Borchi told iTnews that requires “ongoing vigilance” on the part of organisations like the ADHA, since they’re often in a better position to monitor the hygiene of small partners like GP clinics.

And that’s another change the ADHA sees in its operating environment in recent years – it’s interacting with many more such small third parties and had to adjust its strategy accordingly.

The strategy also has to comply with top-level government imperatives, most importantly the digital health strategy (for example, with its emphasis on the importance of the MyHealth Record), and the cyber security strategy overseen by the Department of Home Affairs.

Protecting the health data honeypot.

Borchi said the foundations of the security strategy are straightforward: “Protecting the healthcare system from adversaries, and protecting the healthcare data of Australians.

“Healthcare data is considered key for criminals, to break into and utilise. So for us the challenge is making sure the threat is kept at bay, while we improve interconnectivity of the healthcare system, with more data sharing, and better information to improve healthcare and patient experiences," he said.

The requests the ADHA took to market in August are designed to establish the “people and processes” needed to execute the strategy. They are:

The aim, Borchi said, is to have frameworks and teams in place to ensure that planning the execution of the strategy doesn’t fall victim to meeting the day-to-day demands of cyber security.

This program of work aims to “set up our team and our collaboration within the partners that we have, so that we are responsive and we work to respond to those priorities, and respond to the challenges over the next two to three years," he said,

“Business-as-usual areas have other priorities that overtake their ability to deliver” when new strategies or projects are on the table, whereas the coordination cell will have a specific brief to “oversee the implementation of the agency’s cyber security uplift activities”.

The operating model, on the other hand, will help define the agency’s interactions with external providers.

For many years, the ADHA’s main external partner has been Accenture, since for many years that contractor has been operating MyHealth Record.

“As we’ve migrated MyHealth Record into a new hosting environment, we have formed relationships with Deloitte and other partners as well,” Borchi explained.

While its strategic direction has necessitated a boost to personnel, Borchi said so far the difference has been manageable, in the 10 to 15 percent range.

With these activities in place, Borchi said, the next program of work will set implementations in motion.

In the future, he told iTnews, “there will be a lot more go-to-market activities, and they will be specific for areas that we need support with.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
adhacybersecuritysecuritystrategy

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Qantas brings technology under chief customer officer

Qantas brings technology under chief customer officer
Woolworths sheds light on 'dark store' ecommerce operations

Woolworths sheds light on 'dark store' ecommerce operations
Westpac tech teams impacted as bank cuts 300 staff

Westpac tech teams impacted as bank cuts 300 staff
ANZ deploys new algorithms, AI to tackle scams

ANZ deploys new algorithms, AI to tackle scams

Digital Nation

Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence

Log In

  |  Forgot your password?