Latest News

Last month, Medibank was the victim of a cyber attack that resulted in the personal information of approximately 4 million customers being exposed. Medibank confirmed criminals accessed and took sensitive customer data including healthcare claims information. The breach also affected former customers, with Medibank confirming laws requiring the company to keep data for seven years.


This breach is particularly concerning because it comes just weeks after the Optus cyber attack, in which the personal information of more than 2 million customers was exposed.


The cause of the cyber attack

The cause of the Medibank cyber attack is still under investigation, but it is believed that the criminals used sophisticated methods to gain access to Medibank's systems. On 12 October 2022, Medibank discovered unusual activity on its network. However, it was not until a week later when Medibank received messages from the hacker that included a sample of records for 100 policies that the company realised that the hacker had gained access to its systems obtaining the personal information of customers.


It is reported that the attack was started through the theft of the credentials of a person with high-level access within the company, which was then sold on a Russian cybercriminal forum. These credentials were used to gain access to Medibank's servers where the hacker had free reign for over a week, undetected. The personal information that was accessed includes names, contact details, date of birth, gender and Medicare details. 


What Can Businesses Learn from the Medibank Cyber Attack?

Medibank’s head of technology and operations, John Goodall, said that the company had deployed monitoring tools on its network and those tools suggest that the hacker is no longer in the company’s systems. 


The Medibank cyber attack serves as a reminder of the importance of proactively monitoring your network for suspicious activity. One of the best ways to monitor your network for risks is by performing regular or continuous vulnerability scans. These scans can help you identify potential vulnerabilities in your systems so that you can take steps to fix them before they're exploited. 


How do I Protect Against Such Cyber Attacks?

As a business owner, it's important to be aware of the cyber risks that your business may face. To protect your business, you need to be proactive in testing your cyber risk. Here is how you can do that.


1. Identify Your Assets

The first step in testing your cyber risk is to identify your assets. What information and systems does your business rely on? This includes things like customer data, financial information, and proprietary information. Once you've identified your assets, you need to determine how valuable they are to your business. This will help you prioritise which assets are most at risk in the event of a cyber attack.


2. Understand Your Threats

The next step is to understand the threats that exist and how they could impact your business. There are many different types of cyber attacks, so it's important to familiarise yourself with the most common ones. This includes things like malware, phishing, and Denial of Service (DoS) attacks. Once you understand the threats that exist, you can start to develop a plan to protect your assets.


3. Develop and Implement a Plan

Once you've identified your assets and understood the threats, you need to develop a plan to protect them. Implementing security controls, developing incident response plans, and creating security policies and procedures are all essential to keeping your business safe. These can help to deter potential attackers and limit the damage that can be done if an attack does occur. It's important to make sure that all employees are aware of these policies and procedures and know how to follow them.


By taking these steps, you can reduce the likelihood of a successful cyber attack and minimise the impact if one does occur. 


Need to know more?

If you have any questions or would like to learn more about how we can help you with your cyber security needs, please contact CyberUnlocked. We are always happy to chat about ways to keep your business secure from cyber attacks.


More CyberUnlocked Blogs

Sarah McAvoy at Intergy Consulting for crucial cyber security posture and mitigate risks of cyber-attack

by CyberUnlocked 25 February 2025
In the second part of our interview with Intergy Consulting, our founder, Sarah McAvoy from CyberUnlocked, explained the most critical cyber security measures that businesses can take today to enhance their security posture and mitigate risks of cyber-attack. Watch the full video to gain expert insights on how to protect your organisation from modern cyber security challenges!
Cover for Genea Cyber Attack

Genea Cyber Attack: Key Lessons and Essential Cyber Security Strategies for Healthcare

by Sarah McAvoy 24 February 2025
The Genea incident serves as a stark reminder of the evolving cyber threats facing the healthcare sector. By adopting comprehensive cyber security strategies and fostering a culture of vigilance, organisations can better protect themselves and their patients from future attacks.

Understanding the Australian Threat Landscape with Sarah McAvoy & Intergy Consulting

by CyberUnlocked 17 February 2025
Recently, our Founder, Sarah McAvoy had the pleasure of sitting down with our partner Intergy Consulting to have a discussion on the convergence of cyber security and software development.