“Scumbag” hackers who stole sensitive data from Medibank have started posting what they claim to be information about Australian women who have had to terminate non-viable pregnancies or have had abortions.
The new information published includes a spreadsheet with the names and personal details of 303 patients and policyholders along with billing codes relating to cancellations.
In a file on the dark web forum called “abortion”, the hackers included information about women who have undergone procedures.
They refer to termination of pregnancy but may include women who have had a non-viable pregnancy such as fetal abnormality, ectopic pregnancy, molar pregnancy, miscarriages and readmission for complications such as infection
In a new post by a Russian ransomware group claiming responsibility for the data breach, the hackers also offered to cut the cash payment they need to stop feeding patients’ private medical records.
“We can make a $ 9.7 million discount = 1 customer,” the post states.
Do you want to stream your news? Flash lets you stream over 25 news channels in one place. New to Flash? Try 1 month for free. Offer valid for a limited time only>
“Medical Banks [sic] The CEO said the ransom amount is “irrelevant”. We want to inform customers that they refuse to pay for yours [sic] extra data, such as USD 1 per person. So, customer data and extra effort probably don’t cost that. “
In response, Medibank confirmed today that it is aware that the criminal has released an additional file on a dark web forum containing customer data believed to have been stolen from Medibank’s systems.
“The release of this stolen data on the dark web is shameful,” said David Koczkar, CEO of Medibank.
“We take a responsibility to seriously protect our customers’ data and still apologize unreservedly to our customers.
“We remain committed to communicating fully and transparently with customers and will contact customers whose data has been released on the dark web.
“Arming people’s private information in an attempt to extort payments is harmful and an attack on the most vulnerable members of our community.
“These are real people behind this data and the misuse of their data is deplorable and could discourage them from seeking medical assistance,” he said.
Given the sensitive nature of stolen customer data, Medibank has again asked the media and others not to unnecessarily download sensitive personal data from the dark web and to refrain from contacting customers directly.
The Medibank hack began with the theft of the credentials of someone who had high-level access within the organization.
The login credentials appear to have been sold to a Russian-language cybercrime forum.
The more detailed explanation was provided by Medibank in an investor call on October 17: it refers to the stolen user credentials.
It revealed that it was Medibank itself that detected unusual activity in its cybersecurity systems.
This led the cybersecurity team to initiate incident response, supported by our cybersecurity partners.
Later that evening, Medibank identified that the unusual activity was focused on IT infrastructure.
The precautionary measure was taken to take systems offline to protect customer data. The ongoing investigation indicated that cybersecurity systems have detected activity consistent with the precursor to a ransomware event.
This initial discovery was shared with the Australian Cyber Security Center, which provided Medibank with further guidance to support this conclusion.
“We believe the compromised credentials were used to log into our systems,” Medibank told investors.
“I can confirm that our investigation shows that the systems were not encrypted by ransomware during this incident and there is also no indication that the incident was caused by a state-based threat actor.”
The Minister of the Interior on the leak of news on abortion
In Parliament, Interior Minister Clare O’Neil delivered a moving speech to women affected by the data leak, calling hackers “bundles”.
“As a parliament and as a government, we are with you,” he said.
“You have the right to keep your health information private and what happened here is morally reprehensible and criminal.
“In addition to the attention to the application and prevention of damage, much of the work of the national coordination mechanism in recent weeks has been to illustrate how the situation could evolve and for the different communities of victims ..
“I have spoken twice with the CEO of Medibank today with Minister Shorten and Minister Butler and have made the expectations of the Australian community abundantly clear.”
But it was a question from former interior minister Karen Andrews about “any specific action taken instead of simply expressing sympathy” that angered her successor.
“It is so regrettable that at a time like this, the opposition wants to politicize the pain and suffering of Australians,” he said.
“I am genuinely shocked. And I just can’t believe the people who are suffering, who have personal information about them revealed, that you are trying to politicize this.
“This problem did not start on May 22 (the day after the election), and I would say to those who oppose it, I have said several times that we are about five years behind where we need to be on cybersecurity.”
What Medibank offers to customers
A Cybercrime Health and Wellbeing Line (1800 644 325): Counselors who have experience in assisting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and related issues. sensitive health information
Mental Health Awareness Service: Proactive support service for customers identified as vulnerable or via referral from our contact center team
Better Minds App: New tailored preventive health advice and resources specific to cybercrime and its impact on mental health and well-being, including tools for anxiety and fear management, with additional psychological support available by phone
Personal duress alarms – for customers who are particularly vulnerable and / or with security risks
Assistance in case of inconvenience for customers who are in a particularly vulnerable position due to this crime, which can be accessed through our contact center team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients)
Expert advice and resources for identity protection through IDCARE’s specially created Medibank page
Free identity monitoring services for customers whose identity has been compromised as a result of this crime
Refund of identity document replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
Specialized teams to help our customers who receive scam or threat communications