The hacker responsible for a data breach of Australian health insurance provider Medibank which affected 9.7 million people has released private medical information on the dark web.
The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022. It apparently contains information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
The hackers also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”
During question time in Australian parliament on November 10, Minister of Home Affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.
In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
The initial cyber security incident occurred on October 13, 2022, when Medibank detected some “unusual activity” on its internal systems. After dealing with the cyber-attack, Medibank said in a statement that there was “no evidence that customer data has been accessed” during the breach.
Medibank was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”.
The malicious party attempted to weaponize Medibank’s customers’ private medical data to extort the medical insurer, saying that they would release the data of the “1k most [prominent] media persons” that include “[those with the] most [social media] followers, politicians, actors, bloggers, [LGBTQ+] activists [and] drug-addicted people” as well as people with “very interesting diagnoses”.
It was confirmed on October 20 that the hacker’s claims were legitimate. Medibank, however, publicly refused to bend to the hacker’s demands and said it would not pay a ransom over concerns it would “encourage the criminal to directly extort [its] customers”.
The company also said that it had received counsel from cyber security experts who had said there was only a “limited chance” that paying the ransom would result in the return of the stolen data.
How we got here with @medibank. It initially said compromised login credentials were used (that may have involved VPN access). The attackers claim they accessed Redshift – an Amazon data warehousing product – via jump servers. #auspol #infosec (1/4)
In a tweet on November 10, journalist Jeremy Kirk suggested that the hack took place as a result of hackers gaining access to Medibank’s internal systems via compromised login credentials, a tactic that “may have involved VPN access”.
According to Kirk, the hackers claim they used jump servers to access Amazon data warehouse Redshift. The hackers also claim that they had access to Medibank’s internal systems for a month before they were discovered.
On November 7, Medibank revealed the true extent of the hack. The malicious actor gained unauthorized access to and stole the data for 9.7 million past and present customers.
The information included email addresses, phone numbers, addresses, Medicare numbers, names, dates of birth, passport numbers and visa details. It also encompassed the health claims data for 192,000 customers which contained private medical information including where customers were admitted for procedures, service provider names and locations and codes associated with diagnosis and procedures given.
Medibank urged all those affected to “stay vigilant” against cyber attacks that may be levelled against them because of the leak.
Cyber Security Hub, a division of IQPC