fbpx
The annual Global Impact Conference 2022 brings together visionary business leaders to revolutionize educational systems and inspire collaborative actionRead more APO Group announces content partnership with Pan-African broadcaster VoxAfricaRead more MainOne, an Equinix Company’s MDXi Appolonia Achieves Tier III Constructed Facility certification (TCCF), Now Most Certified Data Center in GhanaRead more United Nations High Commissioner for Refugees (UNHCR) warns rising tide of hunger, insecurity, and underfunding worsening gender-based violence risksRead more The Royal Thai Embassy presents the cultures of Thailand at the Association of Southeast Asian Nations (ASEAN) Festival in KenyaRead more Climate change is the biggest global threat, young people in Africa and Europe tell European Investment Bank (EIB), Debating Africa and Debating EuropeRead more $2 million in prizes awarded at Conference of the Parties (COP27) to African youth-led businessesRead more Africa and Europe’s top business and public sector leaders gather to chart Africa’s economic rebirthRead more The Thai delegation’s active participation at the 145th Assembly of the Inter-Parliamentary Union (IPU) in KigaliRead more Canon shares winning image of its Redline Challenge competition 2022Read more

Hackers demand $10 mn for stolen Australian health records

show caption
Hackers are demanding US$10 million to stop leaking sensitive records they stole from Medibank, Australia's largest private health insurer./AFP
Print Friendly and PDF

Nov 10, 2022 - 12:57 PM

SYDNEY, AUSTRALIA — Hackers on Thursday demanded US$10 million to stop leaking highly sensitive records stolen from a major Australian healthcare company, as they uploaded yet more intimate details about customers.

Medibank, Australia’s largest private health insurer, confirmed this week that hackers had accessed the information of 9.7 million current and former clients, including Prime Minister Anthony Albanese.

The hackers on Thursday uploaded a second batch of files to a dark web forum, with more sensitive details about hundreds of Medibank customers.

The first leaks appear to have been selected to cause maximum harm: targeting those who received treatment related to drug abuse, sexually transmitted infections or pregnancy terminations.

“Added one more file abortions.csv,” the anonymous hackers wrote on the forum, before detailing their ransom threat.

“Society ask us about ransom, it’s 10 million USD. We can make discount… $1 = 1 customer.”

Medibank has repeatedly refused to pay the ransom.

‘Profit and greed’ 

The Medibank hack — and an earlier data breach impacting nine million customers at telecom company Optus — has raised questions about Australia’s ability to repel cyber criminals.

Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said Australia was no worse “than any other high-value target or Western country”.

“It’s very unfortunate, but I don’t think Australia is any more vulnerable than any other Western developed nation,” he told AFP.

Desmond said profit-driven hackers were unlikely to single out a specific country — and were typically more interested in targeting companies holding valuable data.

“It’s the data types that are of the most interest to these hackers,” he said.

“The healthcare data is a huge target and personally identifiable data is high-value.

“Generally, profit and greed are the number one drivers.”

‘Scummy criminals’ 

The Medibank hack is likely to include data on some of the country’s most influential and wealthy individuals.

Medibank chief executive David Koczkar condemned the “disgraceful” extortion tactics.

“The weaponisation of people’s private information in an effort to extort payment is malicious and it is an attack on the most vulnerable members of our community.”

The group behind the attack appears to be pressuring Medibank by hunting for the most potentially damaging personal information within the records.

The first records posted to the dark web forum were separated into “naughty” and “nice” lists.

Some on the “naughty” list had numeric codes that appeared to link them to drug addiction, alcohol abuse and HIV infection.

For example, one record carried an entry that read: “p_diag: F122”.

F122 corresponds with “cannabis dependence” under the International Classification of Diseases, published by the World Health Organization.

Names, addresses, passport numbers and birth dates were also included in the data.

Home Affairs Minister Clare O’Neil has described the hackers as “scummy criminals”.

  • bio
  • twitter
  • facebook
  • latest posts

MAORANDCITIES.COM uses both Facebook and Disqus comment systems to make it easier for you to contribute. We encourage all readers to share their views on our articles and blog posts. All comments should be relevant to the topic. By posting, you agree to our Privacy Policy. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, name-calling, foul language or other inappropriate behavior. Please keep your comments relevant and respectful. By leaving the ‘Post to Facebook’ box selected – when using Facebook comment system – your comment will be published to your Facebook profile in addition to the space below. If you encounter a comment that is abusive, click the “X” in the upper right corner of the Facebook comment box to report spam or abuse. You can also email us.