‘Immense harm’: Federal police investigating threat to sell Australians’ health data

Posted on : October 19, 2022
‘Immense harm’: Federal police investigating threat to sell Australians’ health data

Home Affairs Minister Clare O’Neil has warned Australians are at risk of “immense harm” if the health information allegedly stolen by hackers from Medibank Private, which counts about 4 million customers, becomes public.

The Australian Federal Police have begun an investigation into the ransom demand that Medibank received on Wednesday. It was also obtained by The Sydney Morning Herald and The Age and contains a threat from the hackers to first target 1000 high-profile Australians with their own data as a warning.

Police are investigating threats made in the wake of a a major cybersecurity breach at Medibank Private. Credit:Louise Kennerley

O’Neil said all cybersecurity breaches, which typically involve the theft of names or financial information, were very concerning but the Medibank breach appeared worse.

“What we have here is information that’s held by this organisation, which is healthcare information and that just on its own being made public can cause immense harm to Australians,” said O’Neil, who is also the minister for cybersecurity. “And that’s why we are so engaged with this and trying to help Medibank [with] understanding what’s happened so we can repair it.”

That health data could potentially be used to establish whether a person has had a sexually transmitted disease or is seeking help with a mental health issue. However, the hackers’ claims to have that level of data have not been confirmed and paying a ransom does not guarantee it would be returned or deleted, given the inherently criminal nature of the hackers’ actions.

Australia’s cybersecurity and spying agency, the Australian Signals Directorate, are assisting Medibank as are private cybersecurity companies.

Medibank boss David Koczkar has apologised for the breach.Credit:Arsineh Houspian

As recently as Monday this week Medibank had reassured investors and customers that there was no sign that data had been taken in a breach it detected last week. Medibank chief executive David Koczkar on Wednesday apologised and said the insurer was doing everything it could to protect staff and customers.

O’Neil, who has spoken to Koczkar, said the number of people whose data was stolen is still unknown.

“The facts are still being established,” she said on ABC radio. “And I appreciate it might be hard to understand this from outside of a large organisation. But when you’ve got a complex technological system, it takes a bit of time to understand what has changed in that system in the event of an attack.”

O’Neil said the breach gave the government a strong mandate to toughen Australia’s laws, which it flagged in the wake of the hack on Optus last month in which details on almost 10 million Australians were exposed, but have not been unveiled.

“We are going to be under relentless cyberattack, essentially from here on in,” O’Neil said. “And what it means is that we need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data, and also for citizens.”

A spokesman for the Australian Federal Police issued a brief statement when asked about the breach, saying: “The AFP is aware of the matter and has no further comment at this stage.”

More to come

Most Viewed in Technology

From our partners

Source: Read Full Article