Health-ISAC Hacking Healthcare 1-26-2024

This week, Hacking Healthcare™ examines a trilateral sanction action against one of the alleged perpetrators of the cyberattack against Australian healthcare insurer Medibank. We provide some background on the recent government sanctions response and then delve into some takeaways and potential ramifications.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

PDF Version:
TLP WHITE 1.26.2024-- Hacking Healthcare

 

Text Version:

 

Welcome back to Hacking Healthcare™.

U.S. and U.K. Stand in Sanction Solidarity with Australia for Medibank Cyberattack

The 2022 ransomware attack against Australian healthcare insurer Medibank was a shock for many. Current estimates of the attack suggest upwards of 9.7 million records stolen, including names, dates of birth, and sensitive medical information, such as “records on mental health, sexual health and drug use.”[i] The Australian government has confirmed that at least some of these records ended up on the dark web.[ii]

Since the attack came to light, the Australian government and various international partners have been working to assess the attack and determine attribution. This 18-month investigation culminated this week with the Australian government placing sanctions on a Russian national Aleksandr Ermakov for his role in the cyberattack.[iii]

The sanction includes “a targeted financial sanction and a travel ban” and “makes it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.”[iv] Australian Minister for Foreign Affairs, Penny Wong, has stated that “[t]he use of these powers sends a clear message—there are costs and consequences for targeting Australia and Australians” and that “[Australia’s] Albanese Government will continue to hold cybercriminals to account.”[v]

U.S. & U.K. Stand in Sanction Solidarity 

Strikingly, despite the victim organization and individuals of the Medibank attack being largely Australian, both the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the U.K.’s Foreign, Commonwealth & Development Office immediately placed similar sanctions on Ermakov.

According to U.S. Under Secretary of the Treasury, Brian E. Nelson, this trilateral sanction action is the first of its kind and “underscores our collective resolve to hold these criminals to account.”[vi] The sanction action was justified on the grounds that Ermakov presents a similar risk to both the U.S. and the U.K. The sanction actions by the U.K. and U.S. introduce similar restrictions and asset freezes, as Australia and representatives of both governments were quick to suggest that these types of efforts are likely to continue.[vii]

Action & Analysis
**Available with Health-ISAC Membership**

 

Congress

Tuesday, January 23

No relevant hearings

Wednesday, January 24

No relevant meetings

Thursday, January 25

No relevant meetings

 

International Hearings/Meetings

No relevant meetings

 

EU