Posted on November 7, 2022 at 6:47 PM
Medibank Says It Won’t Pay Ransom For compromised Data Of 9.7 Million Customers
More revelations on the hacking incident that hit Australia’s largest health insurer, Medibank, are beginning to surface. Medibank noted that 9.7 million former and current customers’ data was involved in the hacking incident. On Monday, the insurer revealed that the criminal gang responsible for the recent data theft on its platform has requested ransom payment for the data it stole. But it doesn’t intend to pay the ransom the hackers have demanded.
According to the insurer’s report from the findings, Medibank stated that the stolen data contains names, dates of birth, email addresses, and phone numbers of the affected customers.
Australia has witnessed a major rise in the number of cyber attacks on organizations. A government report shows that there is one attack every seven minutes in the country.
Medibank Not Considering A Ransom Payment
Chief Executive Officer of Medibank, David Koczkar, commented on the latest development. He stated that the company believes that there is a slight chance of recovering the customers’ data and preventing it from being published even if it pays a ransom.
Koczkar also stated that the insurer decided not to pay the ransom because it would encourage the hackers to extort other customers. Despite the attack, business operations were not disrupted during the time of the attack, as customers continued to have access to health services.
Medibank plans to set up an external review to learn more from the recent hacking incident while strengthening its cyber response support program.
Customers Have Been Advised To Remain Alert
Medibank has also advised its customers to remain alert because the threat actors could expose the details of their loot online or try to contact them directly for extortion or phishing attack.
The last few weeks have not been quiet for corporate Australia as they have seen a string of attacks.
Woolworths revealed that it suffered a hacking incident where millions of customers using its bargain shopping website were compromised.
Additionally, Singapore Telecommunications (STEL.SI) unit, Optus, disclosed a hacking incident of more than 10 million customer accounts on its platform.
Medibank To Strengthen Its Cyber Response Support Program
Medibank did not confirm when it received the ransom notification from the threat actors or how much was involved. The insurer says such information has been withheld for security reasons and because investigations into the incident are still ongoing.
Koczkar noted that the amount of ransom demand from the threat actors was “irrelevant” to the firm’s decision not to negotiate with them. He added that there were other important reasons not to negotiate with the threat actors to discourage them from further activities.
A cybersecurity expert at UNSW, Lyria Bennett Moses, stated that Medank was caught “between a rock and a hard place”, pointing out that there has been no definite answer to the question of paying a ransom to cybercriminals.
Those who subscribe to the idea of paying a ransom are taking a big risk because they may pay the ransom and still get their data exposed to other hackers or the public. Also, there is no possibility of the company being accused of money laundering or funding terrorism, but their action can encourage more hackers to continue their exploits.
On the other hand, if they refuse to pay the ransom, they may be taking the risk of giving the cybercriminals the freedom to do whatever they want with the data. This could be devastating to some organizations. The criminals will have a lot of options, including contacting the customers personally for extortion and selling the stolen data to other hackers for future attacks.
The government has continually warned against paying the ransom, pointing out that it will encourage more threat actors to continue their attacks. While some companies have heeded the advice, others prefer taking the risk of ransom, especially when critical customer details are involved.
Medibank Said Customers’’’ Primary Identity Accounts Were Not Affected
Medibank assured customers that the impact of the hacking incident is limited. The insurer revealed that the threat actors were unable to have access to primary identity accounts, such as driver’s licenses and account information.
Also, Medibank said health claims data for extra services, such as optical, physio, dental, and credit card details were not accessed. The bank stated that it doesn’t request primary identity documents for resident customers except in exceptional situations.