Another 241 Medibank customers have sensitive health data exposed
In the early hours of this morning the person or group claiming to be the Medibank hackers released more information from the breach onto the dark web along with a claim that they are in fact “true” to their word.
It is the third release in three days from the hackers, this time revealing the private health records of 241 Australian on an online ransomware forum.
The data file in this instance targets a particular medical diagnosis related to alcohol, and the victims are from all across Australia.
When releasing this new data, the hackers also posted an update to their message which appears to respond to the strong language used by Federal Cyber Security Minister Claire O’Neil in Parliament yesterday, saying “You telling that is disgusting (woof-woof), that we published some data. But we warned you, we always keep our word.
“If we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future. Same about our words, regarding we wouldn’t post any data in the future, if we receive a ransom payments.”
“We never lies – it doesn’t make any sense, if we lie to somebody – nobody will thread u as a serious business side.
“Imagine what scam wave would your customers get after that, how many would you invest to cover damages.”
It follows the release the night before of highly sensitive information regarding customers’ facing the termination of non-viable pregnancies.
Medibank has continued to follow expert and government advice, which has been to not pay the ransom.
The hacker forum contains a large amount of previous leaks, and the hackers’ words today indicate they are co-ordinated in their attacks with the previously-demanded $15 million ransom payment being their end goal.
Today’s release of data takes the total number of personal healthcare details released to 741, out of the estimated 480,000 Medibank say have been accessed by the hackers.
The remaining 9.2 million victims have had their names, addresses and personal contact details and Medibank numbers exposed – but no health records.
Cyber Security Minister Clare O’Neil said yesterday she had called Medibank’s CEO, David Koczkar, and made clear the community expectations around what support the insurer should be providing.
Medibank has repeatedly apologised to customers and condemned the posting of information.
It is offering multiple support services, including identity protection, counselling, and a support hotline for people left “uniquely” vulnerable by the hack.
O’Neil also issued a warning to the hackers.
“What has occurred here is morally reprehensible and it is criminal,” she said.
“I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming after you.”
It was also revealed yesterday that the hack may have exposed the Virgin Frequent Flyer numbers of thousands of members, who have been temporarily blocked from accessing their accounts or redeeming travel points while the airline generates new numbers for them.
This latest development comes as Optus reveals its data breach will cost at least $140 million, including costs for replacing hacked identity documents.