NewsBite

Health and transport data lost in HWL Ebsworth hack

Health and transport data lost in HWL Ebsworth hack, as cyber co-ordinator Darren Goldie says boards of management must take responsibility for cyber security.

National Cyber Security Coordinator Darren Goldie.
National Cyber Security Coordinator Darren Goldie.

Australia’s new cyber chief Darren Goldie has revealed data affecting the insurance, transport, property, construction and health sectors was compromised in the cyber attack on law firm HWL ­Ebsworth.

Mr Goldie, a three-star general on secondment from the Royal Australian Air Force, said he had been formally advised on how broad the hack was after he invoked the national co-ordination mechanism, a protocol bringing together federal, state and ­company representatives to respond to major cyber incidents.

The mechanism had been previously deployed in the Medibank and Latitude Financial hacks, but had not until last week been activated in response to the cyber ­attack on HWL Ebsworth, which saw Russian-linked hackers BlackCat steal 2.5 million documents, posting about one million of them on the dark web after the company refused to pay a ransom.

Ransom demands sent to law firm HWL Ebsworth after 4 terabytes of data were stolen by Russian hackers BlackCat. Picture: Supreme Court of NSW.
Ransom demands sent to law firm HWL Ebsworth after 4 terabytes of data were stolen by Russian hackers BlackCat. Picture: Supreme Court of NSW.

Mr Goldie said he and Home Affairs and Cyber Security Minister Clare O’Neil had also met with HWL’s managing partner, Juan Martinez, and the firm’s chief strategy officer, Russell Mailler, to discuss how the company was ­notifying affected persons whose data had been breached.

This included contacting vulnerable people who had been involved in legal disputes involving health matters.

“Rather than them sending a letter from a somewhat nameless, faceless law firm in Canberra, their priority has been to do the notification through care providers,’’ Mr Goldie said.

Some NDIS clients involved in legal disputes are among those whose data has been breached.

In his first round of media interviews since being named National Cyber Security Co-ordinator last month, Mr Goldie, 48, said he was not a cyber expert and would leave the technical work to the “fantastic cyber professionals’’.

An air marshal who has flown Hercules aircraft in and out of conflicts in East Timor, Iraq and Afghanistan, and who joined the Defence Force at the age of 17, Mr Goldie said his expertise was in incident response and collaboration.

“I’ve been fortunate enough to map a career in defence, specifically the air force, that has done a number of the roles that prepare for and rehearse for major incidents,’’ he said. He also spent two years working for the Department of Prime Minister and Cabinet.

Mr Goldie said he wanted to work in the cyber security field because “this is the most exciting terrain that exists in the nation at the moment. We exist in the digital world. I think cyber, particularly the threats that it poses to us as a nation, are substantial and I really think there’s work to do.’’

He said all companies needed to assess their cyber security, and he said boards of management “absolutely’’ had a responsibility to ensure their cyber security was as strong as it could be.

“If you are running a business in Australia today, no matter what the size, if you’re not thinking about your computer systems, your networks and your data, then you’re not running a business,’’ he said.

“I would expect for all the boards in Australia … the days of being able to delegate that down to a risk committee or an IT section are well and truly gone.

“Most businesses in Australia are carrying significant amounts of our personal identifiable information and with that comes responsibilities to protect that information.’’

Mr Goldie said his priority was to build resilience in Australia to stand up to cyber attacks, and he had been travelling the nation since his appointment talking to big business and peak bodies about their cyber strategies.

“Our response to incidents is still developing. In the physical domain, we’ve had floods and fires for centuries and we’ve worked out how we respond,’’ he said.

“Cyber is a newer threat and I think we’re still working out or developing an understanding about who or what has responsibilities.’’

Ellen Whinnett
Ellen WhinnettAssociate editor

Ellen Whinnett is The Australian's associate editor. She is a dual Walkley Award-winning journalist and best-selling author, with a specific interest in national security, investigations and features. She is a former political editor and foreign correspondent who has reported from more than 35 countries across Europe, Asia and the Middle East.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.theaustralian.com.au/nation/politics/health-and-transport-data-lost-in-hwl-ebsworth-hack/news-story/0bff2b7feaa0854179a7c211d8af8f4f