Ransomware gang begins exposing Medibank data

Medibank declines to pay ransom

A few days after the Australian health insurer Medibank declared it would not pay a ransom, the ransomware group behind the attack began exposing Medibank customer information on the dark web. Following threats to release data on Tuesday, the initial dump, a few hundred megabytes in size, was posted overnight on a blog associated with the Russian ransomware gang REvil. The data, which is divided into a "good list" and a "naughty list", includes numerous names, addresses, birthdates, Medicare numbers, and hospital addresses.

According to the suspected hacker, the data is currently held in a "not very intelligible format" of table dumps, and they will continue to post it in fragments. According to Medibank, the breach has affected 9.7 million current and former customers: 5.1 million Medibank customers, 2.8 million ahm customers, and 1.8 million international customers. Names of service providers, as well as procedure and diagnosis codes, were also disclosed.

5,200 patients from My Home Hospital had their personal and medical information accessed, and 2,900 of those patients' next of kin had some of their contact information accessed. The hacker also published screenshots of interactions they claimed to have had with Medibank regarding the disclosure of the data. The last communication took place on November 7, the day Medibank announced it would not be paying the ransom.

According to Medibank, the files that have been made public appear to be the data sample that the hacker initially provided to the insurer. Medibank also said the information contains Medicare numbers for ahm customers, some passport numbers for international students, and a small amount of health claims information. The company said in a statement on Wednesday, "We expect the criminal will continue to publish the files on the dark web."

David Koczkar, CEO of Medibank, apologised to customers. "This is a criminal act intended to inflict harm and distress on our customers," he said. "We stand ready to support our customers and take seriously our responsibility to keep them safe." Medibank advised customers to be cautious, since scammers may target them via phone calls, emails, or text messages from unfamiliar or suspicious numbers.

On Monday, Koczkar told Guardian Australia that paying a ransom might lead to the targeting of customers or other companies. "Simply put, you can't trust criminals. The best protection for our customers and other Australians is not paying the ransom," he said. Cybersecurity expert and Have I Been Pwned founder Troy Hunt wrote on Twitter that the data dump was "about as bad as we expected it would be."

In response to a question in parliament, Clare O'Neil, the minister for home affairs, said she "cannot articulate the disgust I have for the scumbags who are at the heart of this criminal act." According to O'Neil, the government had been preparing for the possibility that the data would be released, and a "national coordination mechanism" had been established between Home Affairs and the Health Department. This mechanism covers safeguarding government data, cooperating with state police, assisting those affected, and offering mental health support and counselling.

She noted that she and Prime Minister Anthony Albanese are also Medibank customers. "I have already stated that we are approximately five years behind where we should be in terms of cybersecurity, and there is currently significant work being done to remedy that. To defend you and our nation, we are working very hard," she said.

According to the State of Ransomware 2022 report from cybersecurity company Sophos, 46% of organisations that experienced ransomware attacks decided to pay the ransom, but just 4% actually recovered all of their data. The Australian Federal Police said on Wednesday that Operation Guardian, which already protects the 10,000 Optus customers whose personal information was leaked earlier this year, will be expanded to cover the Medibank customers whose data has been exposed.

Response of the authorities

AFP assistant commissioner for cyber command Justine Gough said in a statement that "Operation Guardian will be actively monitoring the clear, dark, and deep web for the sale and distribution of Medibank Private and Optus data." "Law enforcement will act swiftly against anyone attempting to abuse, profit from, or engage in criminal activity using stolen Medibank Private data," the statement read.

Gough also warned against attempting to download or access the data, because doing so may itself be unlawful. "We will disrupt the sale and distribution of the unlawfully obtained data," Gough added, "using the powers and authorities of all of our agencies."

Reece Kershaw, the commissioner of the Australian Federal Police, told Senate hearings on Tuesday that Operation Palladius had been launched to investigate the Medibank data breach. The agency is also conducting separate investigations into the Optus and MyDeal data breaches. The AFP has devoted substantial resources to these investigations, which are lengthy and complex, he said.