Posted on November 11, 2022 at 6:23 AM
The hackers responsible for Medibank’s data breach have been posting health records of Australians on the dark web and demanding $10 million to stop leaking more data. According to the message posted by the cyber-extortionist, Medibank needs to pay $1 for each of the 9.7 million customers affected.
Medibank is the largest private-sector insurer in Australia. It was hit by threat actors last month, but the company stated that it was not succumbing to any pressure from the hackers to pay a ransom. Now the hackers have taken it upon themselves to add more pressure by releasing some of the records. According to the group, more data will be released to the dark net if the insurer fails to respond to the ransom demand.
The Hackers Initially Released Data Of Some Patients
The threat actors responsible for the hacking incident also posted information that allegedly links clients to their abortions. Earlier this week, the hackers released part of the stolen data, which shows customers who received treatment for mental health issues, HIV, and addiction.
Local media reported that the dark net forum where the hackers posted the stolen data belonged to REvil, a hacking group that Russian authorities claimed they shut down earlier this year following a U.S. request.
Chief Executive Officer of Medibank, David Koczkar, commented on the development. He condemned the actions of the hackers as “disgraceful” while apologizing to customers for the unfortunate incident. “We remain committed to fully and transparently communicating with customers,” he added.
Koczkar said the insurer will contact all customers who were affected by the breach and those whose data has been released on the dark web.
Despite the leaked data on the dark net, Medibank has stood its ground on not paying a ransom to the hackers. The insurer said it was acting on advice from cybersecurity experts who warned against a ransom payment. According to the insurer, there is no guarantee that a ransom payment will prevent the hackers from releasing the remaining data. Additionally, Koczkar stated that paying the ransom would make more people targets, as more hackers would want to extort other organizations for ransom.
Medibank’s Share Price Slumps 20% Following The Incident
The posted data contained the names, dates of birth, and email addresses of the affected victims. It also included passport numbers and details of medical claims from patients.
“The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” Medibank stated. The company added that it expects the threat actors to continue releasing more data and files to the dark net in the coming days since it has resolved not to pay any ransom.
Justice Cough, AFP Assistant Commissioner Cyber Command, stated that the criminal groups responsible for the hacking incident may have been operating from outside Australia.
The data breach has already hit Medibank very hard, wiping millions of US dollars off the company’s market value. As of press time, Medibank’s share price was down by over 20% since last month.
Security agencies have consistently advised victimized organizations to avoid paying ransom for their stolen or hacked data. Paying a ransom, according to them, can increase the possibility of more attacks because it encourages other threat actors.
The hackers had initially threatened to sell the data to third parties, specifying that they would prioritize the records of 1,000 actors, media personalities, politicians, drug addicts, and LGBTQ activists for exposure.
The Attack On Medibank Came One Month After Optus Suffered Another Attack
The Australian Federal Police is investigating the incident. The agency has also warned that downloading or even accessing the data through any means is a criminal offense and that offenders can be prosecuted.
The cyberattack, which was first reported last month, is the latest in a series of major data breaches that companies have suffered in Australia. In September, the country’s second-largest telecom provider, Optus, announced that the data of about 10 million customers was accessed in a cyberattack against the company.
At the time, Kelly Bayer, the Chief Executive Officer of Optus, stated that the group threatened to release the data of the customers if the company failed to pay a $1 million ransom. But he later deleted the post, claiming that the hackers said they were no longer selling the data.