Medical data leaked after cyber attack in Australia
Australian health insurance customers, some of them identified as HIV carriers or drug addicts, saw their most personal medical details leaked on the internet on Wednesday after a major computer hack and the company’s refusal to pay a ransom.
Medibank, one of the country’s largest private health insurers, told its investors that a “sample” of data from its approximately 9.7 million customers had been published on a “dark web forum.” The company expects further leaks.
Names, passport numbers, dates of birth, addresses and medical information are among the personal information posted anonymously Wednesday morning.
The victims were divided into a list of “good guys” and “bad guys”.
Several people on the “bad guys” list were linked to numerical codes associating them with drug addiction, alcoholism and HIV.
For example, one file contained the entry “p_diag: F122”.
F122 is the code for “cannabis addiction” according to the International Classification of Diseases published by the World Health Organization.
Australian Prime Minister Anthony Albanese, himself a Medibank customer, likened the cyber attack to a “warning shot” for Australian companies.
The leaked data was posted on a dark web forum that cannot be found with regular browsers.
Medibank, which offers private health insurance to Australians looking to supplement the public universal health system, informed the Australian Stock Exchange of the leak just before the bourse opened.
“The files appear to be a sample of data that we previously determined was accessed by the hacker,” the company said in a statement.
“We expect the (hijacker) to continue posting files on the dark web,” it continued.
Possible Russian connections
The hackers carried out their threat, made in an earlier warning, to release the data if Medibank did not pay them an undisclosed ransom.
“PS: I recommend selling Medibank shares,” the hackers wrote on a forum about 24 hours before the first sample data was published.
Medibank, backed by the Australian federal government, refused on Tuesday to meet their demand, advising its customers to remain “vigilant”.
“Based on the extensive advice we received from cybercrime experts, we believe that paying a ransom would have only a limited chance of securing the return of our customers’ data and preventing its disclosure,” said Medibank CEO David Koczkar.
The author of the hack has not yet been publicly identified.
Justine Gough of the Australian Federal Police believed it was the work of a “criminal group or groups” that may be operating outside the country.
Sanjay Jha, senior scientist at the University of New South Wales’ Institute of Cybersecurity, said it was difficult to attribute an attack to just one group.
However, he told AFP the attack had some characteristics linked to a Russian hacking group called REvil, which had previously targeted Brazilian meat giant JBS and Lady Gaga, among others.
An old REvil website taken down by Russia this year redirects to the dark web forum where Medibank data was leaked.
The hackers have also released what they say is a series of exchanges between them and Medibank officials.
“We will do everything in our power to do you as much damage as possible, both reputationally and financially,” the message said.
This security breach has already cost Medibank hundreds of millions of dollars in market valuation. The company’s share price has fallen 20% since October, when information about the data leak first broke.
Australian financial adviser Stephen Jones called the hackers “garbage” and “scammers”.
“We shouldn’t give in to these scammers,” he told Sky News Australia.
As Medibank struggled to contain the leak, it also faced potentially costly class action lawsuits.
Two law firms announced on Tuesday that they have joined forces to investigate whether Medibank breached its data protection obligations under Australian law.