Medibank weren't using MFA! Can your Business Afford a Similar Hack?

Hi everyone,

Do you remember the big Medibank hack from 2022? Well, it's been revealed that their IT systems WEREN'T using MFA to safeguard their logons. This costly mistake led to the personal information and medical records of 9.7 million people being STOLEN and Medibank facing a potential fine of over 21 TRILLION dollars.

A report by the Office of the Australian Information Commissioner (OAIC) suggests that not only was MFA not being used on their remote access systems, but also that user accounts were given far too much access to 'privileged systems' (systems that typically contain sensitive information).

You can read more about it here

This should be a serious wake-up call to ALL Australian businesses. Sometimes we think that because we're smaller than mega corps like Medibank, we can get away with lower security. This just isn't true. It's our responsibility as business leaders to make sure that our data is safe from prying hackers.

That's why I provide Essential Eight audits, reviews and remediation for organisations just like YOURS. The Essential Eight is a maturity model developed by the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) which includes setting up MFA and making sure that user accounts don't have too much access to sensitive information.

Please don't sweep this stuff under the rug - it's no longer a matter of 'if' we get hacked, it's a matter of 'when'.

I encourage you to reach out to me or your trusted IT professional to discuss how your business can avoid being the next 'Medibank' news story!


Have a safe day!

Ian
