Medibank hackers release data on sexually transmitted infections after ransom demands unmet

Australians caught up in the Medibank hack have been dealt another blow after the Russian group behind the breach released more sensitive information overnight.

MEDIBANK STOCK

A ransomware group has dumped a fifth tranche of Medibank customer health data on the dark web. Source: AAP / DIEGO FEDELE

Key Points
  • Medibank said the data comprised four files containing 1,496 records.
  • Some 123 records are from the previous files released.
  • The Australian Federal Police is investigating the hack.
The Russian cybercriminals behind the Medibank hack have released stolen data about sexually transmitted infections and other health conditions, stepping up the pressure on the nation's biggest health insurer.

The ransomware group dumped the fifth tranche of customer health information on the dark web overnight after to get it back.

"Added more files psycho.csv, hiv.csv, viral_hepatitis.csv, std.csv, ....", they said in a post on Sunday seen by AAP.
They had not posted any new files since 13 November, when they announced they were bypassing a week "in a hope something meaningful happens" regarding their ransom demands.

Medibank said the data comprised four files containing 1,496 records.

Some 123 records are from the previous files released.

"We are conducting further analysis on the files today to determine their accuracy. Previous files released have not matched our records," it said.
Medibank confirmed there was information on chronic conditions such as heart disease, diabetes and asthma, people with cancer and , including delerium, and other conditions.

"Again, I unreservedly apologise to our customers," Medibank CEO David Koczkar said in a statement.

He warned there were real people behind the data.

"Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum and attempts to profit from it is committing a crime," Mr Koczkar said.

Medibank also reminded customers impacted by the data theft they can get help through its Cyber Response Support Program.
This includes mental health and wellbeing support, identity protection and financial hardship measures.

"We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web," Mr Koczkar said.

Last week at Medibank's annual meeting in Melbourne, its executives stood by the decision not to pay the ransom to , saying it would only encourage other criminals and more hacks.

Medibank also increased its customer support team by more than 300 people.

The Australian Federal Police is investigating the hack.

Share
2 min read
Published 20 November 2022 1:34pm
Source: AAP



Share this with family and friends