.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: MediSecure, an Australian electronic prescription provider.
The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).
The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Australian Prudential Regulation Authority: The Australian Prudential Regulation Authority (APRA) has written to all APRA-regulated entities emphasising the critical role of data backups in cyber resilience.
Yahoo News: Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said.
Financial Newswire: While at least one industry superannuation fund continues to deal with APRA over a cyber-security incident a year ago, the Association of Superannuation Funds of Australia (ASFA) has made clear to the Government that its member funds do not want minor security incidents being automatically escalated to APRA.
Financial Newswire: Less than a week after the Australian Prudential Regulation Authority (APRA) imposed additional license conditions on NGS Super over a cyber breach, a new white paper is arguing that managing communications to members is key to minimizing reputational damage.
Yahoo Finance: Australia will undertake an economy-wide revamp of its cybersecurity protections including revised data laws, mandatory reporting and a new nationwide cyber council in response to several significant hacks targeting businesses and infrastructure over the past year.
CSO: A cybersecurity self-assessment of 697 Australian organizations revealed 58% have limited or no capability to protect confidential information adequately.
The Guardian: Microsoft says it will invest an additional $5 billion in Australia over the next two years to expand hyperscale cloud computing capacity while collaborating with the Australian Signals Directorate (ASD) to boost domestic protection from cyber threats.
CSO: The Australian federal government has approved amendments to the Protective Security Policy Framework (PSPF) to mandate non-corporate Commonwealth entities to appoint a CISO to be responsible for cyber security leadership in the entity.
US News: Australian Perpetual confirmed an extended tech outage over an IT security incident, affecting some of its funds, though the fund manager reaffirmed that all its client investments and its own systems were unaffected and secure.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy