Medibank staff data compromised in MOVEit hack

Medibank has revealed that staff data has indeed been compromised as a result of the nation’s largest private health insurer falling victim to the MOVEit supply chain attack.

Daniel Croft
Wed, 21 Jun 2023

The organisation said that one of its property managers faced a data breach as a result of the MOVEit cyber attack and that a file containing personal details of staff was compromised.

Medibank said the file contained names and contact information of several staff members but that other details such as payroll, bank details and home addresses remained safe.

Medibank’s connection to the MOVEit hack was revealed yesterday (20 June), when it said it had been contacted by local MOVEit vendor Ipswitch, which informed it that vulnerabilities had been detected and used by threat actors.

“We were advised by the vendor Ipswitch about some vulnerabilities discovered in MOVEit — a software system we use to share information with external parties — and have promptly applied all the vendor’s recommended security patches,” said a Medibank spokesperson.

“We continue to investigate and work closely with the vendor, and at this stage, we are not aware of any of our customers’ data being compromised.”

The last 10 months have been filled with strife for the private health insurer, which suffered one of the largest cyber attacks in Australian history when the REvil cyber criminal group stole a claimed 200GB worth of data, compressed down to 5GB.

The attack affected 9.7 million people, and the hackers demanded $15.6 million in ransom. When they weren’t paid, the group dumped the data online, calling it “case closed”.

The MOVEit hack, which has been claimed by the Clop ransomware group, is another example of the danger of supply chain attacks and the potential for them to compromise hundreds of businesses and their customers.

Alongside Medibank, the hack has also affected British Airways, the BBC and several US government departments.

According to Sumit Bansal, vice-president APJ at BlueVoyant, this kind of attack reflects previous undertakings by the Clop gang.

“MOVEit is dominating security right now because it was pilfered by Clop. It follows their pattern of attacking file transfer services, proving reminiscent of GoAnywhere and Accellion,” he said.

“On top of this, MOVEit hits all sectors because everyone is a target of opportunity.”

Bansal said that the hack is a reminder to businesses that vulnerabilities need to be identified and patched immediately.

“The MOVEit data theft is a sobering reminder of the criticality of immediate patching. The moment vulnerabilities are identified, organisations must prioritise timely response; otherwise, they’re at the mercy of adversaries,” he said.

“If you’re impacted by MOVEit and you can’t install the latest patch versions, at the very least, you need to disable all HTTP and HTTPS traffic to MOVEit Transfer environments.

“Affected companies should also check for potential indications of unauthorised access over at least the past 30 days.”

In addition to patching, Bansal recommends a layered defence as ideal for protecting against cyber attacks.

“This latest cyber attack is a reminder for organisations to look at their vendors, suppliers, and other third parties and protect their data with defence in depth,” he said.

“When different cyber security defences are layered, it makes it more difficult for cyber attackers to access sensitive systems and data.

“While it’s important to avoid ‘the sky is falling’ sentiment in this industry, it is also important to understand that adversaries don’t discriminate, and we’re all at risk.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
