Hackers release more stolen medical data
Australia’s biggest health insurer, Medibank, has said hackers have released more of its stolen medical records, as media reports said the complete set of data on millions of customers was now public.
The latest release on the dark web follows progressive uploads, including records of customers’ mental health and alcohol use, that began after Medibank said on November 7 it would not pay a ransom.
“The raw data we have analysed today so far is incomplete and hard to understand,” chief executive David Koczkar said. “While there are media reports of this being a signal of ‘case closed’, our work is not over.”
Yesterday, the media reported a blog, believed by cyber experts to be used by the hackers, carried a new post: “Happy Cyber Security Day!!! Added folder full. Case closed.” It also included a file that had compressed files amounting to more than 5 gigabytes.
Reuters has not verified the contents of the latest files uploaded on the dark web, part of the World Wide Web that is accessible only with special software.
Medibank did not immediately respond to a question on whether it believed all stolen data had now been released.
Australian Federal Police last month said Russian-based hackers were behind the Medibank cyberattack, which compromised the details of almost 10 million current and former customers. Medibank revealed the breach on October 13.
In its latest update, Medibank said there were currently no signs that banking data had been stolen.
Personal details accessed by hackers were not enough to enable financial fraud, it added.
Six zipped files placed in a folder called “full” and containing raw data believed to have been stolen had been uploaded, Medibank said in a statement.