Learning Outcomes

Upon completion of this chapter, learners will be able to:

• Explain cybersecurity’s core principles in health information management, specifically through the lens of the Confidentiality, Integrity, Availability (CIA) triad to sensitive patient data.
• Understand the fundamental nature of cyber attacks, including data breaches, ransomware attacks, phishing, and denial-of-service.
• Describe different cybersecurity defence strategies, including defence in depth and zero trust, and explain how they can be used to protect health information.

Introduction

The Australian healthcare sector is undergoing a rapid digital transformation, with electronic health records, telehealth, and connected medical devices becoming increasingly prevalent. While these advancements offer significant benefits for patient care, they also expose the industry to a growing range of cyber threats. With these changes, the number of opportunities for attackers to cause harm has increased, and the scope for impacts on healthcare consumers has likewise increased.  In the first half of 2024 alone, Australia’s healthcare sector reported a staggering 102 data breaches, highlighting the urgent need for robust cybersecurity measures (OAIC, 2024).

This chapter begins by examining cybersecurity from first principles, addressing what we are protecting and the objectives of cyber attackers. By comprehending the core goals of cybersecurity, health information managers can better understand why attackers may target our systems, and identify which data and systems require protection. These fundamental principles are particularly relevant to the sensitive patient data central to modern healthcare. Grasping the consequences of breaches in these areas is essential, encompassing compromised patient privacy and safety, disrupted care delivery, and significant financial losses for healthcare providers.

’We will also examine the diverse landscape of cyberattacks targeting the health sector, including ransomware attacks that cripple critical systems, data breaches that expose confidential patient information, and denial-of-service attacks that disrupt access to essential healthcare services. The recent spate of high-profile attacks on Australian healthcare providers underscores the sector’s vulnerability and the potential for devastating consequences (e.g. Medibank (Taylor, 2022) and MediSecure (Department of Home Affairs, 2024)).

Finally, we will explore key cybersecurity defence strategies, including defence in depth and zero trust, and discuss how these approaches can be implemented to strengthen the security posture of healthcare organisations. By understanding these strategies, health information managers can play a vital role in protecting patient data and ensuring the continued integrity of Australia’s healthcare system. In the next chapter, Cyber Risk Management, we examine the methodologies and techniques we implement in line with these overall strategies to defend our systems and data.

What is Cybersecurity?

Cybersecurity is generally understood as simply protecting our devices and data from harm.  While true, this definition does not’ fully capture the complexity of the threats we face. Cybersecurity is a dynamic field, changing as systems evolve over time. This means that  to understand the threats we face (and defend against them!), we first need to understand the foundations of cyber threats to understand what is happening.

Core to the broader field of information security is the Confidentiality, Integrity, and Availability triad (CIA)  – alongside authentication. These principles are fundamental to understanding vulnerabilities and safeguards in any environment, particularly in complex sectors like healthcare, which rely on interconnected networks and have many human actors involved in accessing, modifying, and sharing information.

Different environments prioritise these principles differently, requiring careful consideration of potential trade-offs. This section will equip you with the knowledge to understand key security questions and concerns, enabling you to consider how the implementation of protective measures in health enable the protection of consumer data, while also achieving other goals related to care delivery.

This following section describes the three goals of the CIA triad , which has been the dominant model for information security. Every cyber threat and attack can be understood through the CIA triad lens. It enables defenders to consider what is most valuable to them and what needs to be protected.

Confidentiality (C)

“Assets of a computing system are accessible only by authorised parties.” (Pfleeger et al., 2015)

Confidentiality is likely the goal most individuals would consider synonymous with security, particularly in the context of data breaches witnessed in recent years. This definition above by Pfleeger et al speaks of “assets” which reminds us that information systems consist of hardware, software, and data, and that confidentiality can be lost via physical theft, as well as unauthorised electronic access (Pfleeger et al., 2015). It also reminds us that data exists because it is useful to one, a few, or many people, and that it needs to be made available to them. This definition demands that only those authorised to have access to the data are allowed to do so. This requires techniques to identify and authenticate users of the system.

The term “parties” reminds us that people do not access digital data unaided; it is delivered to them via the operating system and a variety of software written and managed by people.

To ensure the goal of confidentiality of our data, we must trust many other people; the people who write the operating system code and application software, the people who install and maintain this, and also the hardware and the people provided with the authentication details that allows them to access the data.

You may note that (Pfleeger et al., 2015) definition says nothing about controlling what the authorised parties do with the data. However, some systems attempt to control and monitor the preservation status of confidential data; however, these are usually only found in very special environments. It is obviously no use to restrict access to data if an authorised user can then write it to an unrestricted file.

It is also worth considering that once confidentiality has been lost, it cannot be restored. Once private data about an individual has been shared with unauthorised parties, it cannot be unshared. This is not the same for integrity, as any resulting losses from that cause can usually be corrected. Health information managers role is to protect the information assets within their organisation.

For example, generative artificial intelligence platforms like ChatGPT, Copilot, or Gemini  are useful tools to create written outputs. Consider a health professional using one of these platforms in relation to their role and submitting possibly sensitive information to receive an answer. To create the output, the data provided to them is sent to a server, analysed, used to create a response, and then likely stored for later use by the platform. By storing the data that was used, these platforms contribute to a breach of confidentiality, regardless of whether that data can be directly accessed by another person (Attwooll, 2023).

Integrity (I)

“Every piece of data is as the last authorised modifier left it.” (Schneier, 2015)

Data integrity is vital, particularly within a healthcare context where care decisions are made based on data in electronic medical records and from tests and lab results. It is important to note that the definition above by Schneier (2015) did not say the data are accurate. Computer security techniques cannot control the accuracy of data, as they are created or modified. However, they can try to ensure that only those with the authority can create, modify or even delete data.

As with confidentiality, integrity relies on the ability to properly authenticate who the actual user is and to maintain accurate and sufficiently protected tables of what each authorised user is allowed to do with the data managed by that information system.

Data integrity is vital if we trust this data as part of our decision-making process. If an unauthorised party has modified the data, then they are impacting the decisions being made, changing the outcome.

For example, cyber attacks targeting billing systems could change  data in generated invoices, which could be sent to patients or come from suppliers. These changes often relate to the account number for payment and sometimes the payment amount, allowing the attackers to steal money and impact patient care provision through apparent non-payment, or care providers reputation as businesses (Australian Competition and Consumer Commission, 2024).

Availability (A)

“An attacker can’t prevent legitimate users from having reasonable access to their systems.” (Schneier, 2015)

Availability is about ensuring systems and data are available when required – this has strong links to business continuity, and within the context of healthcare, an essential service, care systems must be available when the consumer needs them.

It is important to notice that the above definition is about ensuring that those who have the right can use the information system when it is normal for them to do so (Schneier, 2015). It does not say that a user can use a system whenever they feel like it. Indeed, many systems try to enhance their security by restricting when users can have access; for example, limited to only during their normal working hours. This is made easier by putting users into classes or groups, all of whom have the same access privileges or rights. This also makes it easier to change rights for a group when and if circumstances change.

For example, a common attack on availability is ransomware, where an attacker encrypts data, removing its availability to legitimate users. Although accidents such as power outages and weather events can also result in similar impacts and can be viewed with the same lens in responding to the risk.

Authentication (the extra A)

Finally, to add an additional meaning to the “A”, it is quite common to consider authentication as a fourth security goal. The common thread through all the definitions above is that they rely on the ability to authenticate the identity of the person using the information system. The cartoon below is a famous example that sums up the dilemma.

Two things must happen to authenticate a user of an information system or a person in the real world. First, we must identify the person and then confirm that we have made the correct identification. We then determine what we will allow them to do. I am sure that in life you have misidentified people, and hopefully, that has not led to too great an embarrassment. Many cybersecurity issues we experience are the result of stolen credentials (i.e., passwords) where users are then impersonated by an attacker to gain access to systems (to breach confidentiality), or modify the data (breaching integrity), or in the common example of ransomware, remove access to the data (breaching the availability).

Passwords are highly usable and were a suitable solution for authentication in limited computing settings in the late 1960s (Yadron, 2014). However, they are not a resilient mode of authentication in the modern era (see activity below for evidence) and are very commonly paired with additional factors (i.e., something they have or are vs knows in the case of a password) to improve their security, called second factors. These additional factors can include biometrics (i.e., something we are, such as a fingerprint or facial scan), key cards or one-time codes via an application or SMS (i.e., something we have), or other forms of authentication that a user carries with them or can access to prove their identity. Effective authentication is vital to the security of systems and data, and commonly presents the weakest link that attackers can subvert.

What is a Cyber Attack?

Understanding our security goals enables us to have a greater understanding of what a cyber attack is. Our impressions of them from mass media or TV are likely quite far removed from the concepts described in the previous section, but a cyber attack is, fundamentally, any attempt to expose, alter, disable, destroy, steal or gain unauthorised access to a computer system. It can be as simple as a person we know guessing our password to access our device without our permission or a complex attack by a national state actor thousands of kilometres away. However, the outcome in relation to what goal is breached is not that different between those two attackers.

A cyber attack is the outcome of a motivated person using a vulnerability in a system to get it to behave in a way the owner does not desire (Schneier, 2015). A vulnerability is a weakness. It could be a flaw in the software, or it could be a guessable password. When noticed by a malicious actor, this weakness presents an opportunity for them to do harm. We call this opportunity a threat. An attack is that opportunity being realised, and the vulnerability being successfully exploited by the attacker.

As such, a cyber attack is comprised of these three elements:

• Vulnerability – An error or weakness in design, implementation or operation.
• Threat – An adversary motivated and capable of exploiting the vulnerability.
• Attack – The means (sequence of actions) of exploiting the vulnerability.

A key part of understanding how an attack works is to consider what the attacker is trying to do. If you consider the process that occurred in practical terms, a lot of attacks may leave you with the main thought of “How on earth did the person figure that out?”. While this can often be an unavoidable thought, the reason that they could figure out the flaw in the system was likely about their mindset when approaching the system in the first place. When we consider what the goal of the attacker is and work backwards from that, they will aim for the simplest way or weakest link to achieve that goal. This may result in them examining systems in ways other people have not previously examined them. Thus, finding flaws (hard to locate vulnerabilities) in the security enables them to reach their goal.

The weakest link may be through accessing a leaked password and then logging in with a user’s account, or it can be a software-based attack that beings with a user clicking on a link in an email. Software-based attacks are about utilising an exploit against the system to trick it into running different commands. Whether in the operating system or some task-specific application, software commonly contains millions of lines of code. Most lines of code are well-written and do their job admirably. However, the sheer amount of code in software means that it sometimes contains mistakes. Many mistakes are caught during the development and testing of systems and removed; others get missed, and often their security weakness is not obvious.

In Cyber Risk Management chapter,  we will discuss responding to the vulnerabilities within our systems. However, for the moment, if we consider the complexity of modern IT systems within healthcare, we can likely appreciate the level of complexity that exists. In addition to considering our goals and identifying health information managers need to prioritise our protection, understanding our vulnerabilities requires understanding our level of exposure to threat actors. A key element of this is understanding what our attack surface is.

The attack surface refers to all the points through which an attacker can enter or extract data from a system (Manadhata & Wing, 2010). With the proliferation of Internet-of-Things devices in healthcare (i.e., connected devices other than traditional devices), this surface widens significantly, presenting cybercriminals with numerous potential entry points to exploit vulnerabilities (Abdullah et al., 2022). These devices often collect and transmit sensitive patient data, making them lucrative targets for malicious actors seeking to compromise the integrity of healthcare systems. The entry point to a network is not necessarily the device that has the data or access that an attacker will be aiming for, but a foothold to get into the system, where they can then move laterally to other devices within the network.

Reducing the attack surface is crucial for strengthening cybersecurity. This involves limiting what devices are on the network and the access they have, updating software and hardware so that known vulnerabilities are fixed, and implementing strong authentication. These steps, all present within Essential 8 (Australian Cyber Security Centre, 2017) (more on this in the next chapter), minimise the attack surface, and by doing so, healthcare organisations can significantly reduce their risk of cyberattacks.

What Cyber Attacks Have Occurred in Health?

We are increasingly becoming aware of cyber attacks through the mass media, often following the coverage across multiple days as the damage inflicted is being investigated. Below is a sampling of the higher-profile cyber attacks against health organisations in Australia in the last few years:

• I-MED – Unauthorised sharing of imagery of 40,000 patients (Wilson, 2024)
• MediSecure – Personal information of 12.9 million Australians (Department of Home Affairs, 2024)
• St Vincents – Data breach (Crozier, 2023)
• Medibank Private – Data breach affecting 9.7 million people (Taylor, 2022)
• Eastern Health – Ransomware affecting four hospitals (McDonald, 2021)
• Tasmanian Ambulance Service – Data breach of every ambulance request in the state for a three-month period (Baker, 2021)

However, it is worth noting that while we have seen these high-profile breaches, the OAIC (2024) reports that 63% of breaches affect less than 100 individuals, and 30% of breaches are the result of human error. As a result, the 102 breaches seen within the Health sector in the first half of 2024 are not all of the scale of Medibank private (OAIC, 2024). However, individuals are still affected, and the costs can be long-lasting, considering the privacy of the data involved and the impacts that can occur when care provision is hindered.

A 2023 survey of the healthcare industry across 14 countries by security vendor Sophos reported that 60% of organisations had been affected by ransomware in the previous year (Mahendru, 2023). In 2023, 24% of health organisations were able to stop the ransomware attack before it could encrypt data, down from 34% in 2022. For those that had data encrypted, 42% paid the ransom to retrieve data, while 73% were able to use backups to restore the data (these numbers indicate that some organisations paid the ransom despite having backups) (Mahendru, 2023).

Cybercriminals target the healthcare sector due to the sizeable volume of valuable data, not only electronic health records, but also financial records. Several challenges make the healthcare industry a softer target compared to other high-value industries:

• low levels of cyber literacy among the workforce,
• insufficient investment in digital infrastructure,
• lack of robust cybersecurity measures,
• limited collaboration among different agencies, and
• high costs associated with implementing cybersecurity measures.

Collectively, these factors create numerous vulnerabilities and weak points for cybercriminals to exploit (Chipeta, 2024; OAIC, 2024; Seh et al., 2020).

One of the most pressing concerns regarding cybersecurity in healthcare is the potential for cyber attacks to disrupt care provision. Attacks that compromise medical devices can lead to delays in treatment putting patients’ health at risk. Moreover, tampering with Internet-of-Things devices can result in incorrect data being provided to healthcare providers, potentially leading to misdiagnoses or harmful adjustments to treatment plans . Unfortunately, this threat is not something far off in the future, but as seen in the two headlines below (McGee, 2021; Wetsman, 2020), we have already witnessed the first deaths in hospitals as the result of cyber attacks.

As we face these risks, we can take guidance from the National Digital Health Strategy (Australian Digital Health Agency, 2023), where we can see that security is embedded in much of the strategy moving forward. This gives us the responsibility to ensure our systems are cyber resilient. It equips us with the plan and language when discussing our priorities with management within the organisation to ensure that we can protect the privacy and security of our health information systems.

Philosophy of Cyber Defence

Understanding what attacks are, how they breach our goals, and in a health context, have possible impacts, not only on privacy but the health of consumers, informs the choices we make to defend against these threats. The next chapter describes some methods and techniques that we can implement; however, it is also important to consider our defence at a conceptual level to understand how it mitigates the risks we face.

The evolution of cybersecurity defence philosophy mirrors the evolving nature of cyber threats themselves. Early approaches were often reactive, focused on building walls and bolstering defences. However, as technology advanced and attacks grew more sophisticated, the philosophy shifted towards proactive strategies, recognising that absolute security is an illusion. Security is a process, not an endpoint we reach by implementing a particular countermeasure.

One of the earliest and most enduring principles is the principle of least privilege (Saltzer & Schroeder, 1975). This concept advocates for granting users and processes only the necessary permissions to perform their tasks, limiting the potential damage from a security breach. Any request outside of those permissions results in denied access, also known as default deny. This laid the groundwork for access control models and user privilege management, which are still fundamental today; however, at the time, it was still common for wide scale access across organisation systems, and those within the organisation were broadly trusted to “do the right thing”.

In the 1980s, the concept of “Defence in Depth” emerged, recognising that relying on a single security layer was insufficient. Like a medieval castle with multiple walls and moats, cybersecurity needed layered defences. This approach combines security measures like perimeter defences (firewalls) to keep attackers out, intrusion detection systems to respond if they get in, and strong authentication to create a multi-layered barrier against attacks. The intention is that if one layer is breached, other layers will hopefully still mitigate (decrease the impact) the attack.

As systems grew more complex, the focus shifted towards building security into the design phase itself. “Security by Design”, a concept popularised in the late 1990s and early 2000s (McGraw, 1998; Viega & McGraw, 2001), emphasises incorporating security considerations throughout the software development lifecycle. This proactive approach aims to minimise vulnerabilities from the outset, rather than patching them later. Such an approach aims to create a resilient and cyber hardened system from the outset.

The rise of mobile devices, cloud computing, and remote work challenged traditional security models. Perimeter-based defences were no longer sufficient in a world where users and data resided outside the traditional network boundary.  This led to the emergence of “Zero Trust” architecture in 2010 (Kindervag, 2010). Zero trust assumes that no user or device can be trusted by default, requiring verification at every access point – often termed as the principle “never trust, always verify”. This approach emphasises continuous authentication, authorisation, and validation, even for users within the network.

Zero Trust is increasingly seen as the aspirational cornerstone of modern cybersecurity, which is nontrivial to adopt into existing systems. It reflects a shift from static defences to a dynamic, adaptive approach, recognising that threats can emerge from anywhere, even within the organisation. This philosophy aligns with an increasingly interconnected world, where data and users are constantly moving, and the heavy reliance on software and service supply chains increases the complexity of the information systems that organisations operate. With the adoption of cloud computing resulting in geographically dispersed networks, the software-defined perimeter emerged as a key component of cloud security and zero trust architectures. Software-defined perimeters shifted security focus from network perimeters to individual application access. This aligned perfectly with zero trust’s “never trust, always verify” principle. Software-defined perimeter solutions authenticated and authorised every user and device before granting access to specific resources, drastically reducing the attack surface and mitigating lateral movement in cloud environments.

At a similar time as Zero Trust, Lockheed Martin published a framework called Cyber Kill Chain (Hutchins et al., 2011). It outlines the seven distinct stages an attacker typically progresses through: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives. By breaking down attacks into these phases, defenders can strategically implement controls to “break the chain” at any point. This proactive approach allows for multiple layers of defence, increasing the chances of thwarting an attack before the attacker achieves their goal. The kill chain provides a common language and framework for security professionals to analyse attacks, develop mitigation strategies, and improve overall cybersecurity posture. While concepts like perimeter defence and defence in depth approaches are generally considered passive measures,  the kill-chain approach takes an active step to understand the nature of attacks that are occurring, and has been built on by knowledge bases of known attacks such as in MITRE ATT&CK® [opens in new tab] (MITRE, 2025).

From the principle of least privilege to the concept of zero trust, the evolution of cybersecurity philosophy mirrors our continuous adaptation to an ever-changing threat landscape. This progression underscores a growing comprehension of the attack surfaces that systems and data present and the necessity for adaptive defences in response to the ever changing information environment. By understanding these foundational principles, we can more fully appreciate cybersecurity methods and techniques deployed at an organisational level to safeguard our data and systems, as explored in the next chapter.

Summary

Digital health is now routinely embedded in healthcare, so we can only expect the number and level of digital systems integration to increase and, with it, the cyber events the industry has had and continues to experience. For digital health systems to be fit for purpose—to ensure clinical safety and quality—they need to be private and secure. However, to achieve this, we need to understand the threats we are facing to build an appropriate defence.

This chapter explained what cyber attacks are and how they can be described as an attacker aiming to breach one of our security goals. The lens of the security goals enables us to understand the impact and motivation behind attacks. Defending our systems and data from these risks is the next step, explored in the next chapter. However, in this chapter, we considered the evolution of cyber defence in recent decades. The approaches have changed from being only reactive to being proactive, to allowing wide levels of access to systems, to pivoting to a more locked down and default deny scenario, in line with the zero trust philosophy.

To build an effective defence against these risks, we need to consider the likely forms of attacks we are going to receive, our budget, the usability needs of our stakeholders, and legislative requirements under the law (as described in the Health Information Law, Privacy and Ethics chapter) – all within the context of our security goals. There will be trade-offs in relation to how much defence we can afford and what an appropriate defence is that ensures our employees and other users can make effective use of our systems – this is the area of risk management, the topic for the next chapter.

References

Abdullah, A., Elhenawy, I., & Abdelmonem, A. (2022). Security Challenges and Solutions in the Internet of Things. Journal of Intelligent Systems and Internet of Things. https://www.riverpublishers.com/journal/journal_articles/RP_Journal_1902-097X_2018110.pdf

Attwooll, J. (2023). ‘Extremely unwise’: Warning over use of ChatGPT for medical notes. NewsGP. https://www1.racgp.org.au/newsgp/clinical/extremely-unwise-warning-over-use-of-chatgpt-for-m

Australian Competition and Consumer Commission. (2024). Beware of fake invoices from scammers impersonating businesses. Australian Competition and Consumer Commission. https://www.accc.gov.au/media-release/beware-of-fake-invoices-from-scammers-impersonating-businesses

Australian Cyber Security Centre. (2017). Essential Eight. Australian Signals Directorate. https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight

Australian Digital Health Agency. (2023). The National Health Strategy 2023-2028. A. D. H. Agency. https://www.digitalhealth.gov.au/discover-the-national-digital-health-strategy-2023-2028

Baker, E. (2021). Tasmanian Ambulance Service – Data breach of every ambulance request in the state for a three-month period. A. News. https://www.abc.net.au/news/2021-01-08/patient-records-pager-messages-published-online/13041958

Chipeta, C. (2024). Healthcare Cybersecurity, Data Breach & Cybercrime Statistics in Australia. Eftsure. https://eftsure.com/en-au/statistics/healthcare-cybersecurity-data-breach-cybercrime-statistics-in-australia/

Crozier, R. (2023). St Vincent’s Health says data stolen in cyber attack. ITNews. https://www.itnews.com.au/news/st-vincents-health-says-data-stolen-in-cyber-attack-603661

Department of Home Affairs. (2024). MediSecure cyber security incident. Australian Government. https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/cyber-coordinator/medisecure-cyber-security-incident

Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1(1), 80. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf

Kindervag, J. (2010). Build security into your network’s dna: The zero trust network architecture. Forrester Research Inc, 27, 1-16.

Mahendru, P. (2023). The State of Ransomware in Healthcare 2023. Sophos. https://news.sophos.com/en-us/2023/08/10/the-state-of-ransomware-in-healthcare-2023/

Manadhata, P. K., & Wing, J. M. (2010). An attack surface metric. IEEE Transactions on Software Engineering, 37(3), 371-386.

McDonald, K. (2021). Eastern Health restores systems, confirms ransomware attack. PulseIT. https://www.pulseit.news/australian-digital-health/eastern-health-restores-systems-confirms-ransomware-attack/

McGee, M. K. (2021). Lawsuit: Hospital’s Ransomware Attack Led to Baby’s Death. G. I. Security. https://www.govinfosecurity.com/lawsuit-hospitals-ransomware-attack-led-to-babys-death-a-17663

McGraw, G. (1998). Testing for security during development: Why we should scrap penetrate-and-patch. IEEE Aerospace and Electronic Systems Magazine, 13(4), 13-15.

MITRE. (2025). MITRE ATT&CK. https://attack.mitre.org/

Office of Australian Information Commissioner (OAIC). (2024). Notifiable Data Breaches Report: January to June 2024. Office of the Australian Information Commissioner. https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-january-to-june-2024

Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in computing. Pearson.

Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308. https://ieeexplore.ieee.org/document/1451869

Schneier, B. (2015). Secrets and lies: digital security in a networked world. John Wiley & Sons.

Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: insights and implications. Healthcare, 8(2), 133. https://www.mdpi.com/2227-9032/8/2/133

Steiner, P. (1993). “On the Internet, nobody knows you’re a dog”. The New Yorker,.

Taylor, J. (2022). Medibank hackers announce ‘case closed’ and dump huge data file on dark web. The Guardian. https://www.theguardian.com/australia-news/2022/dec/01/medibank-hackers-announce-case-closed-and-dump-huge-data-file-on-dark-web

Viega, J., & McGraw, G. R. (2001). Building secure software: How to avoid security problems the right way. Pearson Education.

Wetsman, N. (2020). Woman dies during a ransomware attack on a German hospital. T. Verge. https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity

Wilson, C. (2024). I-MED data breach exposes tens of thousands of patient files using details shared online for a year. Crickey. https://www.crikey.com.au/2024/09/26/i-med-data-breach-patient-files-exposed/

Yadron, D. (2014). Man Behind the First Computer Password: It’s Become a Nightmare. The Wall Street Journal. https://www.wsj.com/articles/BL-DGB-35227