Medibank has revealed that staff data has indeed been compromised as a result of the nation’s largest private health insurer falling victim to the MOVEit supply chain attack.
The organisation said that one of its property managers faced a data breach as a result of the MOVEit cyber attack and that a file containing personal details of staff was compromised.
Medibank said the file contained names and contact information of several staff members but that other details such as payroll, bank details and home addresses remained safe.
Medibank’s connection to the MOVEit hack was revealed yesterday (20 June) after it said it had been contacted by local MOVEit vendor Ipswitch, which informed it that vulnerabilities had been detected and used by threat actors.
“We were advised by the vendor Ipswitch about some vulnerabilities discovered in MOVEit — a software system we use to share information with external parties — and have promptly applied all the vendor’s recommended security patches,” said a Medibank spokesperson.
“We continue to investigate and work closely with the vendor, and at this stage, we are not aware of any of our customers’ data being compromised.”
The last 10 months have been filled with strife for the private health insurer after it suffered from one of the largest cyber attacks in Australian history when the REvil cyber criminal group stole a claimed 200GB worth of data, compressed down to 5GB.
The attack affected 9.7 million people, and the hackers demanded $15.6 million in ransom. When they weren’t paid, the group dumped the data online, calling it “case closed”.
The MOVEit hack, which has been claimed by the Clop ransomware group, is another example of the danger of supply chain attacks and the potential for them to compromise hundreds of businesses and their customers.
Alongside Medibank, the hack has also affected British Airways, the BBC and several US government departments.
According to Sumit Bansal, vice-president APJ at BlueVoyant, this kind of attack reflects previous undertakings by the Clop gang.
“MOVEit is dominating security right now because it was pilfered by Clop. It follows their pattern of attacking file transfer services, proving reminiscent of GoAnywhere and Accellion,” he said.
“On top of this, MOVEit hits all sectors because everyone is a target of opportunity.”
Bansal said that the hack is a reminder to businesses that vulnerabilities need to be identified and patched immediately.
“The MOVEit data theft is a sobering reminder of the criticality of immediate patching. The moment vulnerabilities are identified, organisations must prioritise timely response; otherwise, they’re at the mercy of adversaries,” he said.
“If you’re impacted by MOVEit and you can’t install the latest patch versions, at the very least, you need to disable all HTTP and HTTPS traffic to MOVEit Transfer environments.
“Affected companies should also check for potential indications of unauthorised access over at least the past 30 days.”
In addition to patching, Bansal said a layered defence is ideal for protecting against cyber attacks.
“This latest cyber attack is a reminder for organisations to look at their vendors, suppliers, and other third parties and protect their data with defence in depth,” he said.
“When different cyber security defences are layered, it makes it more difficult for cyber attackers to access sensitive systems and data.
“While it’s important to avoid ‘the sky is falling’ sentiment in this industry, it is also important to understand that adversaries don’t discriminate, and we’re all at risk.”