Hackers demanded $10 million to stop the leak of highly sensitive data stolen from a major Australian healthcare company.
Hackers on Thursday demanded $10 million to stop leaking highly sensitive data stolen from a major Australian healthcare company for uploading even more intimate details about customers.
Medibank, Australia’s largest private health insurer, confirmed this week that hackers had gained access to the information of 9.7 million current and former customers, including Prime Minister Anthony Albanese.
The hackers uploaded a second batch of files to a dark web forum on Thursday, detailing more sensitive details about hundreds of Medibank customers.
The first leaks appear to have been selected to do maximum damage, targeting those who have received treatment for drug abuse, sexually transmitted infections or terminations of pregnancy.
“Another abortions.csv file added,” the anonymous hackers wrote on the forum, before explaining their ransom threat.
“The company is asking us for ransom, it’s USD 10 million. We can give a discount… $1 = 1 customer.”
Medibank has repeatedly refused to pay the ransom.
– ‘Profit and greed’ –
The Medibank hack — and a previous data breach that affected nine million customers at telecom company Optus — has raised questions about Australia’s ability to fend off cybercriminals.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said Australia was no worse “than any other high-profile target or Western country”.
“It’s a shame, but I don’t think Australia is more vulnerable than any other developed Western country,” he told AFP.
Desmond said it’s unlikely that for-profit hackers will pick a specific country — and they’re typically more interested in targeting companies that have valuable data.
“It’s the data types that are most interesting to these hackers,” he said.
“Healthcare data is a huge target and personally identifiable data is of great value.
“In general, profit and greed are the main drivers.”
– ‘Scummy criminals’ –
The Medibank hack likely contains data on some of the country’s most influential and wealthy individuals.
Medibank CEO David Koczkar condemned the “outrageous” extortion tactics.
“Weaponizing people’s personal information in an attempt to extort payment is malicious and it is an attack on the most vulnerable members of our community.”
The group behind the attack appears to be pressuring Medibank by looking for the most potentially harmful personal information in the files.
The first records posted to the dark web forum were divided into “naughty” and “nice” lists.
Some on the “naughty” list had numerical codes that seemed to link them to drug addiction, alcohol abuse and HIV infection.
For example, one record contained an entry that read: “p_diag: F122”.
F122 corresponds to “cannabis dependence” under the International Classification of Diseases published by the World Health Organization.
Names, addresses, passport numbers and dates of birth are also included in the data.
Home Secretary Clare O’Neil has described the hackers as “scummy criminals”.