This appeared last week:
Prime Minister’s department, Reserve Bank victims of HWL Ebsworth Russia-linked cyber attack as government finally reveals list of agencies
Exclusive
By ellen whinnett - Associate editor
5:29PM January 14, 2024
Prime Minister Anthony Albanese’s department, the Reserve Bank and Australia Post are among the government agencies that had sensitive data stolen by Russia-linked hackers who compromised the servers of law firm HWL Ebsworth.
Eight months after the BlackCat/ALPHV ransomware gang stole 2.5 million documents from Australia’s largest commercial law firm and later posted one million of them online, the government has finally coughed up the entire list of government entities impacted by the hack.
And the government has admitted “sensitive information’’, including legal advice, medical information and “issues relating to national security and law enforcement” were lost in the April hack.
The list of agencies was quietly dropped to parliament four days before Christmas, after the government spent months delaying Freedom of Information requests and refusing to provide it publicly.
The full list of agencies hit by HWL Ebsworth hack
1.
Aged Care Quality and Safety Commission
2. AgriFutures Australia
3. Airservices Australia
4. Australian Broadcasting Corporation
5. Australian Commission for Law Enforcement Integrity
6. Australian Communications and Media Authority
7. Australian Competition and Consumer Commission
8. Australian Criminal Intelligence Commission
9. Australian Curriculum, Assessment and Reporting Authority (ACARA)
10. Australian Digital Health Agency
11. Australian Electoral Commission
12. Australian Federal Police
13. Australian Financial Security Authority
14. Australian Institute of Health and Welfare
15. Australian National University
16. Australian Pesticides and Veterinary Medicines Authority
17. Australian Postal Corporation
18. Australian Securities and Investment Commission
19. Australian Taxation Office
20. Civil Aviation Safety Authority
21. Comcare
22. Commonwealth Grants Commission
23. CSIRO
24. Defence Housing Australia
25. Defence Portfolio
26. Department of Agriculture, Fisheries and Forestry
27. Department of Climate Change, Energy, the Environment and Water
28. Department of Education
29. Department of Employment and Workplace Relations
30. Department of Finance
31. Department of Foreign Affairs and Trade
32. Department of Health and Aged Care
33. Department of Home Affairs
34. Department of Industry, Science and Resources
35. Department of Infrastructure
36. Department of Parliamentary Services
37. Department of Social Services
38. Department of the Prime Minister and Cabinet
39. Department of The Treasury
40. Department of Veterans Affairs
41. Digital Transformation Agency
42. Export Finance Australia
43. Fair Work Ombudsman
44. Geoscience Australia
45. Grains Research and Development Corporation
46. Hearing Australia
47. IP Australia
48. National Disability Insurance Agency
49. National Gallery of Australia
50. National Indigenous Australians Agency
51. National Transport Commission
52. NDIS Quality and Safeguards Commission
53. Northern Australia Infrastructure Facility
54. Office of Chemical Safety (AICIS)
55. Office of Parliamentary Counsel
56. Office of the Australian Information Commissioner
57. Organ and Tissue Authority
58. Regional Investment Corporation
59. Reserve Bank of Australia
60. Services Australia
61. Torres Strait Regional Authority
62. WSA Co Limited
It shows that sensitive agencies such as the Australian Commission for Law Enforcement Integrity, which examines corruption and malpractice in law enforcement agencies, and the Australian Digital Health Agency, which has responsibility for digital health records, also lost data in the hack, as did the Department of Prime Minister and Cabinet, Department of Foreign Affairs and Trade and the CSIRO. Treasury and the Department of Parliamentary Services were also impacted, as was WSA Co Limited, the government body set up to deliver and operate the new Western Sydney airport.
More here:
All I can say is what hope does the local GP practice if all these experts have been done over.
You just have to assume that anything that anyone knows about you can, and probably will, leak, and move ahead on that assumption!
You only have to see what gossip magazines can manage to find to realise we don’t stand a chance. Our only defense is that no-one cares!
David.
Well, D'oh
ReplyDeleteIf the intention is to gather all someone's health data into one system and make it easy to access, then don't be surprised if that's exactly what you get.
The military have a policy - if a system has secret data in it, don't allow access from the internet.
Does that stop it leaking? No. Just think of Chelsea Manning and Edward Snowden.
The only safe rule is - if you don't need immediate access to the data, don't store it on line, archive it and make it hard (technically) to get at.
The Department of Health should be forced to justify the risk and costs of them (a non healthcare provider) storing the public's health data.
All they have done over the years is make it easier to get at MyHR data. The design was opt-in and a reasonably robust NASH user identification system. They went out the window in a vain attempt to get people to use it.
The public sector has policies, procedures and laws to protect money where managers and decision makers are held personally responsible. Why not the same for data?
The military has an interoperability challenge, however unlike health, they recognise it and manage it,but leaks happen
ReplyDelete