This week, Hacking Healthcare™ examines a trilateral sanction action against one of the alleged perpetrators of the cyberattack against Australian healthcare insurer Medibank. We provide some background on the recent government sanctions response and then delve into some takeaways and potential ramifications.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).
Welcome back to Hacking Healthcare™.
U.S. and U.K. Stand in Sanction Solidarity with Australia for Medibank Cyberattack
The 2022 ransomware attack against Australian healthcare insurer Medibank was a shock for many. Current estimates of the attack suggest that upwards of 9.7 million records were stolen, including names, dates of birth, and sensitive medical information, such as “records on mental health, sexual health and drug use.”[i] The Australian government has confirmed that at least some of these records ended up on the dark web.[ii]
Since the attack came to light, the Australian government and various international partners have been working to assess the attack and determine attribution. This 18-month investigation culminated this week with the Australian government placing sanctions on Russian national Aleksandr Ermakov for his role in the cyberattack.[iii]
The sanction includes “a targeted financial sanction and a travel ban” and “makes it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.”[iv] Australian Minister for Foreign Affairs, Penny Wong, has stated that “[t]he use of these powers sends a clear message—there are costs and consequences for targeting Australia and Australians” and that “[Australia’s] Albanese Government will continue to hold cybercriminals to account.”[v]
U.S. & U.K. Stand in Sanction Solidarity
Strikingly, despite the victim organization and individuals of the Medibank attack being largely Australian, both the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the U.K.’s Foreign, Commonwealth & Development Office immediately placed similar sanctions on Ermakov.
According to U.S. Under Secretary of the Treasury, Brian E. Nelson, this trilateral sanction action is the first of its kind and “underscores our collective resolve to hold these criminals to account.”[vi] The sanction action was justified on the grounds that Ermakov presents a similar risk to both the U.S. and the U.K. The sanction actions by the U.K. and U.S. introduce similar restrictions and asset freezes as Australia, and representatives of both governments were quick to suggest that these types of efforts are likely to continue.[vii]
Action & Analysis
**Available with Health-ISAC Membership**
Congress
Tuesday, January 23
No relevant hearings
Wednesday, January 24
No relevant meetings
Thursday, January 25
No relevant meetings
International Hearings/Meetings
No relevant meetings
EU
[i] https://www.gov.uk/government/news/uk-and-allies-sanctions-russian-cyber-hacker
[ii] https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
[iii] https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
[iv] https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
[v] https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
[vi] https://home.treasury.gov/news/press-releases/jy2041
[vii] https://www.gov.uk/government/news/uk-and-allies-sanctions-russian-cyber-hacker
[viii] https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
[ix] https://ofac.treasury.gov/media/912981/download?inline