• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Cybersecurity / The 2022 MediBank Breach: The future of cybersecurity and data breach legislation 

The 2022 MediBank Breach: The future of cybersecurity and data breach legislation 

by Red Sift
February 22, 2023February 22, 2023Filed under:
  • Cybersecurity

At the tail end of 2022, Australia was rocked by two significant cyberattacks impacting telecommunications company Optus and private health insurance provider Medibank. Professor and Red Sift Special Advisor, Ciaran Martin, was there in November as the story broke on the Medibank breach. Red Sift’s Head of Cyber Governance and Tech100 Women Winner, Dr. Rois Ni Thuama, recently caught up with Ciaran to discuss what he thought the Australian law enforcement and media had done well with Medibank, as well as the areas where he thinks there could be an improvement. 

In October 2022, Medibank announced that it had suffered a cyber incident, with cyber criminals accessing sensitive medical data on 9.7 million customers, over one-third of Australian citizens.

Although the attack was not disruptive to Medibank, meaning nobody’s healthcare suffered due to the attack, they were facing a very real threat of ransom demand. 

Medibank made the difficult, but smart, decision not to pay the ransom. Initially, hackers promised they did not intend to publish sensitive data, rather MediBank would be allowed back into their system upon payment of the ransom. After three days of silence from Medibank, the criminals decided they would begin releasing sensitive data on the dark web, starting with women’s reproductive care, mental health, and substance abuse and addiction records.  

Listen to the full discussion here where Rois and Ciaran expand the discussion on:

Because of the sensitive nature of these documents, in most instances, this would have created mass fear among Australian citizens. However, according to Ciaran, “Australian law enforcement and the media did an excellent job of talking about and sharing information with civilians responsibly. Rather than add fuel to the fire, media publications chose not to start reporting on the individual files that were being released, or even give much coverage to the nature of the documents. This move really devalued the extortion demand to an extent because of the strategic move to reduce the fear of private information exposure.” 

  • Nation-state involvement in the attack
  • How governments – specifically the US – have historically handled cybersecurity legislation and Nation-state actors 
  • Ideas on how we can improve breach reporting, policies, and legislation in the future

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Australia
  • compliance
  • Cyber Governance
  • Cybersecurity
  • Data Breach
  • DMARC
  • email security
  • legislation
  • Medibank

Post navigation

Previous Post How can CIOs stay ahead of bad actors in 2023?
Next Post Red Sift is officially a Carbon Positive organization

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Red Sift