Hackers Want $10 Million for Stolen Medibank Australian Health Records
Hackers on Thursday demanded $10 million (about Rs. 82 crore) to stop leaking highly sensitive records stolen from a major Australian healthcare company, as they uploaded sensitive information about customers.
Medibank, Australia’s largest private health insurer, confirmed this week that hackers had obtained the details of 9.7 million current and former customers, including Prime Minister Anthony Albanese.
Hackers on Thursday uploaded a second set of files to a dark web forum, with sensitive information about hundreds of Medibank customers.
The first leak seems to have been chosen to cause the most damage: it targeted those who received treatment related to substance abuse, sexually transmitted diseases, or pregnancy terminations.
“Another abortions.csv file has been added,” the anonymous hackers wrote on the forum, before explaining their ransom threat.
“The community is asking us about the ransom, it’s 10 million USD. We can make a discount…$1 = 1 customer.”
Medibank has repeatedly refused to pay the ransom.
Profit and greed
The Medibank hack – and an earlier data breach affecting nine million customers at telecommunications company Optus – have raised questions about Australia’s ability to crack down on cybercriminals.
Dennis Desmond, a former FBI agent and head of the US Defense Intelligence Agency, said Australia was no worse than “any other high-value target country or Western country”.
“It’s very unfortunate, but I don’t think Australia is any more vulnerable than any other developed Western country,” he told AFP.
Desmond said profit-driven hackers are less likely to be country-specific – and are often more interested in targeting companies that hold sensitive information.
“These are the types of data that these hackers are most interested in,” he said.
“Healthcare data is a huge target and personally identifiable data is of high value.”
“Usually, profit and greed are the driving forces.”
The Medibank hack may have included the data of some of the country’s most influential and wealthy individuals.
Medibank chief executive David Koczkar condemned the “disgraceful” fraud tactics.
“The weaponization of people’s private information in an attempt to extort payment is dangerous and an attack on the most vulnerable members of our society.”
The group behind the attack appears to be pressuring Medibank by poaching potentially dangerous personal information from within the records.
The first records posted on the dark web forum were divided into “naughty” and “nice” lists.
Others on the “naughty” list had numerical codes that appeared to link them to drugs, alcohol abuse and HIV infection.
For example, one record has text that reads: “p_diag: F122”.
F122 corresponds to “cannabis dependence” under the International Classification of Diseases, published by the World Health Organization.
Names, addresses, passport numbers, and dates of birth are also included in the data.
Home Affairs Minister Clare O’Neil described the thieves as “rogue criminals”.