Medibank hack attributed to cybersecurity failings

Major Australian health insurance provider Medibank was reported by the Office of the Australian Information Commissioner to have committed significant security lapses that resulted in a cyberattack in October 2022 that compromised data belonging to 9.7 million individuals, reports BleepingComputer.

The far-reaching hack, which was tied to now-sanctioned Russian national Alexander Gennadievich Ermakov, has stemmed from the breach of a Medibank IT service desk operator's home computer that contained browser-stored Medibank credentials, which provided attackers elevated privileges and access to the firm's Microsoft Exchange server and its Palo Alto Networks Global Protect Virtual Private Network, according to the OAIC report. Medibank had not averted the breach of its VPN due to its failure to implement multi-factor authentication. "Medibank's Global Protect VPN was configured so that only a device certificate, or a username and password (such as the Medibank Credentials), was required," added the report, which added that the insurer also did not appropriately triage alerts from its endpoint detection and response system in late August.