8.8 C
New York
Sunday, January 29, 2023

Buy now

Data from Australian health insurers hacked on Dark Web

Data stolen from an Australian health insurer, including the names, addresses and birth dates of hundreds of customers, has been posted on a forum on the so-called dark web.

Data stolen from an Australian health insurer, including the names, addresses and birth dates of hundreds of customers, has been posted on a forum on the so-called dark web.

The files appear to be a sample of the data accessed, Medibank Private Ltd said. Wednesday in a statement. The company expects more data to be released after it said earlier this week that the hackers exposed information on about 9.7 million people.

The release of the personal information comes after a major data breach at the Optus unit of Singapore Telecommunications Ltd. in September, revealing the details of as many as 10 million customers. Other recent hacks on the pathology service provider Australian Clinical Labs Ltd. and Woolworths Ltd. subsidiary MyDeal have raised concerns that Australian companies are not doing enough to protect customer data.

The hackers warned early on Tuesday that they would release the data within 24 hours, a day after the Melbourne-based company said it would not pay a ransom as that would only encourage further crime. The leaked data contained details of about 100 customers, including their treatments for cannabis dependence, alcohol abuse, anxiety and drug use, the Australian Financial Review reported.

According to Bloomberg Intelligence analysts Matt Ingram and Jack Baxter, Medibank’s data breach could cost the company more than A$200 million ($129 million). The health insurer, which has already deferred premium increases for affected customers, could receive compensation of A$500 to A$20,000 for affected policyholders, the analysts said.

Medibank shares rose 0.7% in afternoon trading in Sydney on Wednesday. The stock is down about 20% since the hack was first discovered just under a month ago, wiping out about A$2 billion of the company’s market value.

The disclosure of the first batch of information and threats to post more could be intended to pressure Medibank to pay the ransom, said Josh Lemon, who teaches cybersecurity at the SANS Institute.

“Unfortunately, paying the ransom does not always guarantee that the data will not be released or sold to other cybercriminals,” Lemon said. “I don’t believe paying the ransom at this stage will do much more than slow down how quickly the data can be released.”

Home Secretary Clare O’Neil said Medibank’s decision not to pay ransom to cybercriminals was in line with government advice.

“Paying them just fuels the ransomware business model,” O’Neil says. “They are committed to taking action for a fee, but so often re-victimize companies and individuals.”

“Under no circumstances should Medibank consider paying the ransom,” Troy Hunt, who runs the breach tracking website, said haveibeenpwned. “Their position on this was correct and reflects the government’s position on cybercrime and ransom.”

The Australian Federal Police’s Operation Guardian, which was originally set up to protect victims of the Optus data breach, will be expanded to include victims of the Medibank hack, Assistant Commissioner Justine Gough said Wednesday.

The government also passed legislation on Wednesday increasing the penalty for repeated or serious privacy breaches to at least A$50 million.

“Significant privacy breaches in recent weeks have shown that existing safeguards are outdated and inadequate. This bill makes it clear to companies that the fine for a major data breach can no longer be seen as the cost of doing business,” Attorney General Mark Dreyfus said in a statement.

Source link

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected


Latest Articles