Berlin-based GeneralMind, founded by the team behind German unicorn Razor Group, has secured $12 million in pre-seed funding to develop its AI-driven "System of Action" for automating enterprise workflows. The platform acts as an autopilot for repetitive white-collar tasks across ERPs and email.
A newly disclosed vulnerability in Schneider Electric's Foxboro DCS, a widely used industrial control system, could allow attackers to disrupt critical infrastructure operations. The flaw, originally from Intel, affects energy and manufacturing sectors worldwide, including Australia.
Coimbatore-based Aivar has secured $4.6 million in seed funding to scale its AI-first services platform, which helps enterprises move from AI pilots to production-ready solutions. The investment will fuel expansion into the US and Middle East, targeting the gap between AI potential and execution.
Microsoft 365 remains healthcare’s weakest security link, with breaches rising from 43% in 2024 to 52% in mid-2025. Patient data exposure, soaring costs, and AI-driven cyberattacks in Australia highlight urgent gaps. Policymakers face mounting pressure to safeguard data sovereignty.
Paubox’s mid-2025 report indicates that 52% of U.S. healthcare email breaches in the first half of 2025 involved Microsoft 365, up from 43.3% in 2024. The analysis, which focused on 107 email-related incidents between January and June 2025, underscores how the “world’s most widely-used business email platform” has become an irresistible target for cybercriminals.
The consequences have been severe: more than 1.6 million patient records were exposed, with an average of 16,000 records compromised per incident. Some, such as the breach at United Seating and Mobility, exceeded half a million records. IBM estimates now place the average cost of a healthcare email breach at approximately US $11 million.
Between January 2024 and January 2025, 180 healthcare organisations reported email-related breaches to the U.S. HHS OCR, with 43.3% linked directly to Microsoft 365.
Rick Kuwahara, Chief Compliance Officer at Paubox, observed:
“Healthcare IT leaders are confident in their systems, until a breach happens. What we’re seeing is a perfect storm of limited resources, expanding attack surfaces, and security strategies that rely too heavily on human vigilance.”
Key security controls were often absent. The report noted that 98.9% of organisations lacked MTA-STS protections, 37.2% left DMARC in ‘monitor-only’ mode, and only 1.1% were categorised as low-risk.
Across Australia and the wider APAC region, threat patterns mirror those in the U.S. but with an AI-enabled dimension. Aon’s 2025 Cyber Risk Report highlights that cyber incident frequency rose by 29% year-on-year and by 134% over the past four years. Social engineering incidents surged, with 53% more deepfake-enabled attacks and fraud claims up 233%.
Aon’s APAC lead, Adam Peckman, warned:
“AI is no longer a future threat—it is a present-day reality. We are seeing relatively unsophisticated actors now wield tools that rival state-sponsored capabilities.”
Australian healthcare was the most-breached sector in late 2024, accounting for 17% of all reported incidents. Non-hospital clinics and insurers were especially exposed. CyberCX notes that while AI holds promise as a tool for innovation, it is increasingly weaponised to disrupt operations. Patient identity data has become a prized target for ransomware, raising profound risks not only for service continuity but also for data sovereignty, with foreign actors targeting medical research and patient records.
The leap from 43% to 52% in Microsoft-related breaches, coupled with soaring costs, represents a crisis that healthcare can no longer ignore. Organisations must enforce DMARC rejection, deploy MTA-STS, and integrate real-time threat detection with AI-driven email filtering. Supply-chain vigilance and third-party risk management are now essential in a climate where vendor compromise is a frequent vector.
Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator, has acknowledged the scale of the challenge:
“We have seen in recent years the very real impact that healthcare-related cyberattacks can have on millions of Australians.”
To help address these vulnerabilities, the Health Cyber Sharing Network (HCSN) was launched in January 2025 as a pilot programme funded by the Department of Home Affairs. Scheduled to run through to 2027, it forms a central pillar of the 2023–2030 Australian Cyber Security Strategy. In parallel, the Federal Government awarded CI-ISAC Australia a $6.4 million grant to develop a dedicated information-sharing and analysis centre for the healthcare sector.
Beyond funding initiatives, McGuinness—widely referred to as Australia’s “Cyber Security Czar”—announced significant legislative reforms at the AUSCERT 2025 Cyber Security Conference on the Gold Coast. She highlighted sweeping changes under the Cyber Security Act, which came into force in May. The legislation introduced mandatory ransomware reporting for companies with turnovers above $3 million, minimum security standards for smart devices, and established a Cyber Incident Review Board to examine lessons learned from major attacks.
McGuinness framed the law as a turning point in Australia’s cyber defence posture, requiring collective action from business, government, and citizens alike. Yet, despite these advancements, gaps remain. While the government has launched the AI Government Showcase to promote broader adoption of artificial intelligence, there are still no dedicated AI cybersecurity programmes addressing the critical intersection between AI and emerging cyber threats. AI is mentioned only in passing in the national strategy, categorised as part of “emerging technology risks”.
The question remains whether these initiatives are sufficiently robust and agile to counter an escalating and accelerating threat landscape. Critics argue the government has yet to establish dedicated AI centres of excellence or AI-focused cyber initiatives, leaving Australia exposed in a rapidly shifting digital battleground.
Healthcare’s reliance on email, particularly for critical clinical communication, amplifies risk. The evidence is clear: human error remains the most significant vulnerability. As Rick Kuwahara emphasised,
“Healthcare IT leaders are confident in their systems, until a breach happens.”
In Australia, where data sovereignty and AI-driven vulnerabilities are accelerating, a pressing question arises: What frameworks of federal or state policy should be enacted to strengthen healthcare data security, sovereignty, and resilience?
Question for CNC readers and healthcare practitioners: What should we be asking governments—both state and federal—to implement today to safeguard patient data and ensure sovereignty in the AI era?
Thumbnail image credit: Ed Hardie / Unsplash
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A wave of cyber attacks disrupted Australia’s defence and industry sectors, as confidential military data and industrial networks were exposed by state backed and criminal groups. ASIO’s director warns these persistent threats now demand urgent, coordinated cyber security action.
Kmart’s facial recognition breach exposes more than a privacy violation. This extended analysis unpacks Wesfarmers’ compliance failures, the identity risks of biometric data, and how retail surveillance linking with social media could erode consumer trust.
Cyber incidents in the Asia-Pacific have surged 29% in the past year, with Australia facing major breaches at the University of Western Australia and Qantas. Manufacturing is the top target, deepfakes are on the rise, and experts warn the region is in a digital arms race demanding urgent action.
ASIO’s $12.5 billion espionage warning is more than a tally of stolen secrets. It reveals a national digital crisis. With 24 major spy operations disrupted and identity systems exposed, Australia’s critical infrastructure and social services face a growing risk of collapse from unseen cyber threats.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
