Australian health insurance company Medibank has faced a ransomware attack which is threatening to leak 9.7 million customers’ information. The company admitted that more than 500,000 health claims had been accessed and threatened to be sold on the dark web. Medibank has since refused to pay the ransom to known Russian ransomware group REvil. The group’s chief executive David Koczar said that paying the ransom would make Australia a “bigger target”.

Business owners are being warned to take cybersecurity more seriously amid a huge increase in attacks. With the uptick in data breaches and ransomware, insurance premiums have increased on average by 28%. Cyber insurance is classed differently from other types of business insurance, and offers protection against these attacks. To mitigate price rises, underwriters are advising businesses to consider protocols like multi-factor authentication and encrypted password management.

London’s Hackney Council has been forced to pay an incredible £12 million after its online services and IT systems were hit by a cyber-attack. The attack involved Pysa ransomware, which stole data from the council and published it on a dark web forum.  Julia O’Toole, CEO of MyCena Security Solutions, said: “As long as public sector organisations continue to let their employees create their own keys, there will be no respite. Organisations need to control their access keys and improve their resilience through encryption and segmentation.”

The personal data of 129,000 customers and 23 businesses was exposed in a 2020 cyber-attack on a telco company. Australia-based Optus revealed in September that 10 million customers had been exposed in a data breach – but it has since come to light that a further two attacks were made on its parent company, Singtel. The hackers had exploited a zero-day vulnerability to obtain sensitive data, which was then published on a public forum.

The former security officer of Uber, Joe Sullivan, has been convicted on criminal charges in relation to a data breach. The breach took place in 2016 and affected 57 million Uber riders and drivers around the world. Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission, but experts say the judgement is unfair. Jody R. Westby at Forbes says the blame should lie with the C-Suite, not a single CISO or CSO. She said: “In a cyber context, meeting the duty of loyalty and exercising good faith oversight could be interpreted to mean that boards have identified key cyber risks and established an information and reporting system with critical information flows about these risks and a process to monitor them.”

A healthcare system in Wisconsin and Illinois has had to notify patients of a data breach that exposed millions of personal details. Advocate Aurora Health, which runs 26 hospitals, reported that improper use of a Meta Pixel caused the attack. This affected patients’ login areas, where they would enter personal medical information. The Meta Pixel JavaScript tracker is designed to study how users interact with the site, and then send this data to Facebook. Attacks of this type have happened before, including Novant Health in August 2022, which affected 1.3 million patients.