Medibank hackers threaten to release stolen health data in ransom demand

A purported hacking group has threatened to sell extensive health information about customers of Medibank Private, including diagnoses of sensitive medical conditions and credit card information, unless the insurance company pays a ransom.

The Sydney Morning Herald and The Age have been unable to verify the authenticity of the claims made in the threat or the identity of the hackers. But in a purported message to Medibank, seen by this masthead, the company was told that the hackers claim to have 200 gigabytes of stolen sensitive information. They say they have sent proof of the authenticity of the stolen data to Medibank and offer to send more, before issuing a series of threats in poor English to back up their blackmail.

Medibank detected a cybersecurity breach last week and began investigating. Credit: Louise Kennerley

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from yourdatabase (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.”

Hackers routinely demand major ransoms for the return or deletion of stolen information but payment is no guarantee that they will follow through, given the criminal nature of their actions.

In a statement released to the ASX on Wednesday afternoon, the company said: “Today Medibank Group has received messages from a group that wishes to negotiate with the company regarding their alleged removal of customer data.

“This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority.

“Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.”

Medibank claims to have 3.9 million customers across its premier Medibank and cheaper ahm brands.

A series of Australian businesses, from wine seller Vinomofo to Woolworths’ MyDeal marketplace to the telecommunications giant Optus, have disclosed cyberattacks in recent weeks, thrusting the issue into the national spotlight. It has prompted the government to promise urgent reform that could increase fines for failures to safeguard data or delete it when no longer required. There is no suggestion either of those things occurred with Medibank.

On Tuesday last week Medibank detected unusual activity on its network, contacted authorities and took its ahm and international student policy systems offline as a defensive measure. The systems were restored days later and the company initially stressed it had no evidence that sensitive information had been accessed.

Chief executive David Koczkar apologised to customers when the breach was first revealed and said he understood their concern. “Our highest priority is resolving this matter as transparently and quickly as possible,” he said in a statement. “We will continue to take decisive action to protect Medibank Group customers and our people.”

As recently as Monday this week, Medibank said: “there remains no evidence customer data has been removed from the network” but it added the caveat that “investigation continues”.

More to come.
