KEY POINTS
- Medibank refused to pay the ransom, with the federal government backing their decision.
- The suspected hackers began releasing the stolen customer data on Wednesday, and published more on Thursday.
- Australian Federal Police are ramping up efforts to catch those behind the huge data breach.
The hackers behind the theft of Medibank data have reportedly released sensitive details of customers' medical procedures, including abortions, on the dark web.
The ransomware group also revealed they allegedly demanded a $US1 ($1.60) per customer ransom from the health insurer.
"Added one more file abortions.csv ...," the post said.
"Society ask us about ransom, it's a 10 millions USD (A$15.5 million). We can make discount 9.7m (A$15 million) 1$ (A$1.60)=1 customer."
The file reportedly included a spreadsheet with 303 patients' details alongside billing codes related to pregnancy terminations, including non-viable pregnancy, miscarriage and ectopic pregnancy.
During question time on Thursday, minister for cyber security Clare O'Neil described the release of the data as "morally reprehensible".
"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time," she said.
"I want you to know that as a parliament and as a government, we stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal."
Ms O'Neil said the government was working with the Australian Federal Police, the Australian Signals Directorate and Medibank to both provide support to victims and track down the criminals behind the attack.
"I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming up you."
The group began releasing the stolen data in the early hours of Wednesday morning under "good-list" and "naughty-list".
The first wave included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers and passport numbers for international student clients.
"The files appear to be a sample of the data that we earlier determined was accessed by the criminal," Medibank confirmed on Wednesday.
Medibank had warned more customer data would be uploaded to the dark web, which is what appears to have happened in the early hours of Thursday.
Australia's largest private health insurer revealed earlier this week it had refused to pay the ransom in return for the data not being released.
People whose highly sensitive health information was stolen and posted on the dark web will get the support they need, Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
"These acts are abhorrent. To post Australians' sensitive health information on the dark web is very concerning," she told Nine's Today Show on Thursday.
"Right now, we need to support affected individuals."
Medibank has set up links to mental health services on its website.
'You do not pay the ransom'
Asked what people should do if they were contacted by someone claiming to have that information, federal minister Annika Wells reiterated that the government's advice was not to pay ransoms and to make a police report.
"You do not pay the ransom," she told Nine Network on Thursday.
"You're making the assumption that that is true and what we're saying is that may not necessarily be the case - plenty of scumbags out there are going to try and make the most of this situation."
Opposition cyber security spokesman James Paterson said there was no doubt affected Medibank customers will be very distressed.
"Unfortunately ... this is the worst-case scenario," he told ABC Radio, adding that companies need to take hacking threats seriously.
"If after Optus and Medibank they're not taking it seriously, they need their heads read."
Australian Federal Police are ramping up efforts to catch those behind the huge data breach.
Operation Guardian, which was set up to tackle the recent Optus hack, is being expanded to investigate the Medibank data theft.
"Of course we are worried, and that's why we have Operation Guardian in place working with state and territory police to identify members of the community who are at risk to identity fraud," AFP Assistant Commissioner Cyber Command Justine Gough said.
"If members of the community feel they are at imminent risk they should contact Triple Zero immediately."
Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the unnamed group hacked into its system weeks ago.
No credit card or banking details were accessed.