29 January 2024
The European Union and its Member States express solidarity with Australia on the impact of malicious cyber activities against their healthcare sector, notably against a major health service provider, Medibank. Millions of records, containing personal information, including names, dates of birth, social security numbers and sensitive medical information, were stolen and some published on the dark web. Australia assesses that the network compromise in 2022 has been conducted by a Russian cybercriminal and has, for the first time, used its autonomous cyber sanctions framework to respond to this significant incident.
The European Union and its Member States strongly condemn continued malicious cyber activities targeting essential operators, including those in the European Union, notably through ransomware attacks. Since the COVID-19 pandemic, the healthcare sector has been increasingly targeted by malicious cyber activities, leading to thefts and leaks of personal and sensitive data, as well as the disruption of healthcare services. We collectively continue to monitor the threat landscape.
We remain committed to tackle cybercriminals by strengthening cross-border law enforcement cooperation against ransomware, and continue to support operators of essential services to increase their resilience and strengthen our efforts to deter and respond to malicious cyber activities through joint diplomatic action. We recall the UN norms of responsible State behaviour in cyberspace, including the obligations not to damage or impair the use and operation of critical infrastructure providing services to the public. We also call upon States not to allow their territory to be used for malicious cyber activities and to take appropriate action against actors conducting such activities.
The European Union and its Member States will continue to promote a global, free, open, secure and stable cyberspace, notably the work on the establishment of the UN Programme of Action to this end.
Source – EEAS/EU Council