Hackers post booze data
Medibank warns customers to brace for more
RUSSIAN hackers have escalated their attack on Medibank, releasing the health records of customers who have undergone treatment for alcohol abuse.
And chief executive David Koczkar has warned customers to prepare for the release of more of their sensitive data in coming days as the hackers step up their “relentless” pursuit of Medibank.
About 240 customers have been exposed during the latest release of data on to the dark web, aimed at inflicting maximum harm on Australia’s biggest health insurer after it refused to pay a $15m ransom.
It is the third mass release of data since Mr Koczkar declared the company would not cave in to the demands of the cyber criminals, who breached the insurer’s customer database after they bought a highlevel Medibank login from an online Russian criminal forum.
Other data released include customers who have received treatment for drug dependence and terminations for unviable pregnancies.
“You telling that is disgusting (woof-woof), that we published some data. But we warned you, we always keep our word, if we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future,” the purported hacker wrote in a post on Friday.
“Same about our words, regarding we wouldn’t post any data in the future, if we receive a ransom payments. We never lies – it doesn’t make any sense, if we lie to somebody – nobody will treat u as a serious business side.”
Mr Koczkar branded the latest data release “disgraceful” and warned customers that the fallout of the cyber assault on
Medibank was not yet over.
“I unreservedly apologise to our customers,” he said.
“Unfortunately, we expect the criminal to continue to release stolen customer data each day. The relentless nature of this tactic being used by the criminal is designed to cause distress and harm.”
Mr Koczkar also said the release of customers’ sensitive health data on the dark web could dissuade people from seeking medical treatment.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.
“It’s obvious the criminal is enjoying the notoriety. Our single focus is the health and wellbeing and care of our customers. We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.”
Medibank has urged the media and others to not download the data posted on the dark web and contact customers. “We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures,” Mr Koczkar said.
Medibank admitted on October 19 that hackers had stolen the information of 9.7 million customers and wished to negotiate a ransom. It was reported on Wednesday that the company had entered into lengthy discussions with the hackers, known as Revil, but later abandoned them.
One of the purported hackers – named for a villain from the Saw film franchise – said the group had asked for a $US10M ransom ($15.6m).