23 Feb Cyber Security News Wrap-up #3
It’s time for our Weekly Cyber Security News Wrap-up. Here are the stories that grabbed our attention this week (17th February-23rd February):
a) The Notifiable Data Breaches scheme is in place in Australia as of this Thursday. The NDB scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others. Companies now have an obligation to notify individuals affected by a data breach. Not only do they have to be notified, but the organisation has to include recommended steps the affected parties should take to respond to it and best protect their data. The Australian Information Commissioner also has to be notified of a breach, and if an organisation fails to do so, they can be fined upwards of $1.8m. For more information visit the OAIC website.
b) Tesla’s AWS account has been breached and used to mine cryptocurrency. The hack highlights the vulnerability of cloud services in the wake of the Notifiable Data Breaches Scheme. Murray Goldschmidt, COO at Sense of Security, suggested that if the likes of a large tech-savvy company like Tesla can be attacked, then SMEs are much more vulnerable and as such have an even greater need to monitor their security controls. We comment on the situation here.
c) A new report in the Journal of the American College of Cardiology outlines the possibility of pacemakers and other electronic medical devices being hacked. The benefits of internet-connected medical devices have seen many hospitals and healthcare facilities rapidly introduce them, without understanding the security implications of connecting them to the network. We previously discussed this with the Australian Hospital & Healthcare Bulletin. You can find that article penned by our own Jason Edelstein here.