People use words like ‘stabilization’, ‘maturity’ and ‘optimism’ in relation to the cyber insurance market. Whether or not these are the right terms to describe the state of the industry, I strongly believe that now is not the time for the industry to relax.
In fact, I’m not sure the cyber insurance industry is relaxing (if you’re looking for a low-stress desk job, consider that). Good people (you and your insurance company) always seem to be one step behind the attackers. New attack vectors are emerging all the time and so far have proven impossible to keep up with.
So even if the above stats are true and there is a slight decline in ransomware activity in early 2022, there will always be new types of attacks keeping business leaders, risk managers and cyber insurers up at night. Forget ransomware constantly bubbling under the surface.
In Australia, Medibank Private Ltd., the country’s largest private health insurer, covering about one-sixth of Australians, has suffered a devastating cyberattack. This is not a ransomware attack (although a ransom was demanded). It was a hacker-disclosed data breach in which the hacker exposed the personal information of approximately 9.7 million current and former Medibank customers and their authorized representatives.
Medibank first announced on October 13 that it had detected “unusual activity” in its internal systems. In its response to the cyberattack, it first reported that it “has no evidence that customer data was accessed” during the breach. The story changed on October 17, when a malicious party (now believed to be a rebranding of Russian ransomware group REvil) threatened to leak personal medical data of Medibank customers unless the insurer paid a ransom.
On November 7th, the private health insurer announced that it would not pay the ransom. The decision was endorsed by Australian Home Secretary Clare O’Neil. The “Abortion” and “Naughty List” files reportedly contain details of people seeking treatment for HIV, drug addiction, alcohol abuse, or mental health problems.
What a disaster. And the hardest part is that Medibank seemingly did everything by the book. Since the initial breach report on October 13, the health insurance giant has shared regular updates on the situation (including when new personal medical data has been compromised) and on the status of its investigations, and has provided hotlines, assistance and critical tools to help victims.
Medibank’s decision not to pay the ransom was approved by the Australian government. But despite Australian Home Secretary Clare O’Neil warning “the bastards behind this attack”, during question time in the Australian parliament on November 10, that they had “the smartest and toughest people in the country coming [at]” them, the hackers continued to leak more data. They are laughing at us.
The Medibank data breach was a very serious and complex event that (at the time of writing) is still unfolding. There is no doubt that this massive breach will provide a learning opportunity for insurers, brokers and business leaders around the world when it is finally concluded.
For now, I hope it reframes people’s memories. Even if your country or market is lucky enough to see cyber insurance losses flatten or the severity diminish, other countries, such as Australia, have not been so lucky.
There is always someone somewhere on the receiving end of criminal cyber activity. It is the nature of risk and we are all exposed. We cannot fully embrace the optimism we have heard in the cyber insurance market.
Medibank cyberattack must recalibrate short-term amnesia