October 2024 continued the disturbing trend of escalating cyber threats, with new and sophisticated attacks emerging at an alarming rate. Ransomware remained a persistent menace, targeting small and medium-sized businesses with the healthcare sector remaining the prime target. Data breaches continued to expose sensitive information, while supply chain attacks demonstrated the interconnectedness of modern systems. The growing use of AI and machine learning in cyber security offered opportunities and challenges. Governments worldwide responded with new legislation and increased international cooperation, recognising the urgent need to address the evolving cyber threat landscape.

Data Breaches

Tens of thousands of patient records were exposed in a breach at fresh produce company Perfection Fresh. The compromised data included personal information such as names, addresses, and medical histories1. The breach has raised significant concerns about the security of personal data in the healthcare supply chain.

Ransomware Attack

An affiliate of the RansomHub ransomware gang published six gigabytes of data from aged care organisations Respect and TPG Aged Care. The compromised data includes internal documents, financial budgets, bank account details, and contracts with several other Australian organisations. This attack highlights the growing threat of ransomware to critical infrastructure sectors.

Regulatory Compliance and Data Breach Penalties

October saw the Australian government push forward on strengthening penalties for companies that fail to adequately protect customer data. Following high-profile breaches in teleco, banking, and healthcare sectors, regulators are pushing for more stringent reporting requirements and heavier fines for non-compliance. Dramatic figures released by the Office of the Australian Information Commissioner (OAIC) have prompted AUCyber CEO Peter Maloney to call upon healthcare providers and the government to do more to protect sensitive patient data.

Legislative Changes

The Australian government introduced the Cyber Security Legislative Package, which sets in motion key reforms contemplated by the 2023 – 2030 Australian Cyber Security Strategy. The package includes the introduction of the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024, which amends the Intelligence Services Act 2001 to legislate a limited-use obligation for the Australian Signals Directorate (ASD). This legislative change aims to enhance the country's cyber security framework and protect critical infrastructure.

Source herbertsmithfreehills.com, kineticit.com.au, cyber.gov.au