Hackers drop to new low
But ‘no insurance codes for STDs’: Medibank
RUSSIAN cyber criminals have released the fifth tranche of stolen Medibank data in four folders labelled “sexually transmitted diseases”, “HIV”, “psycho” and “viral hep” as they escalate their assault on Australia’s biggest health insurer.
The release of the records is aimed at causing maximum harm after Medibank chief executive David Koczkar and chairman Mike Wilkins said the company would not pay a $15m ransom demand.
While the names of the folders are targeted at causing mass anxiety among customers, Medibank said there were no health insurance treatment codes for sexually transmitted diseases and asked media to refrain from using the hackers’ description of the data.
The four folders, published on the dark web on Sunday, contain about 1500 customer records. Medibank has analysed the data and found that it did not include any customers with an STD diagnosis.
“Previous files released have not matched our records,” Mr Koczkar said.
“We encourage all Australians to seek medical care for any physical or mental health conditions that impact them, free from any shame or stigma. We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures.”
The hackers released the latest folders without any further comment. Instead, they published a link to a YouTube video from Russian nationalist Simeon Boikov, who lives in Sydney. The video shows an interview with a purported Medibank customer, accusing the health insurer of “putting profits over people” by deciding not to pay a ransom.
The release of the data comes after Mr Wilkins told shareholders at Medibank’s annual meeting in Melbourne last week that executives would keep their bonuses – which total more than $7.5m – following the attack, which is one of Australia’s biggest cyber heists, exposing the data of almost 10 million customers, including that of Anthony Albanese. Mr Wilkins said the board would not consider adjusting remuneration until next year after it completes an external review of the attack.
On Sunday, Mr Koczkar said anyone who attempted to download the stolen data was committing a crime, with the Australian Federal Police investigating the attack.
“We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data,” he said. “These are real people behind this data and the misuse of their data may discourage them from seeking medical care.”
Almost $2bn has been wiped off Medibank’s market value since it disclosed the attack last month. After the hackers failed to gain a ransom payment from Medibank – which they said equated to $1 per customer – they have released customer health records, including treatment for drug and alcohol abuse, various mental health conditions and abortions.
Melbourne headquartered law firm Maurice Blackburn is investigating a legal claim to determine whether customers are entitled to compensation.
Medibank has urged customers to contact its cybercrime hotline or mental health support line, Beyond Blue, Lifeline or their GP.