The Guardian Australia

Medibank hackers release 1,500 more patient records on dark web, including mental health data

- Michael McGowan

Russian cybercrimi­nals have released a fifth tranche of stolen data from the private health insurer Medibank, including the details of treatment for mental health.

The company’s chief executive, David Koczkar, on Sunday confirmed the hackers, who obtained the records of millions of current and former customers in a ransomware attack last month, had released the details on the dark web.

It comes after the company refused to pay a US$10m ransom to the hackers, who the Australian federal police have said are likely Russian cybercrimi­nals. The data was released in four folders containing about 1,500 patient records.

In a statement, Medibank confirmed the data included details on chronic conditions such as heart disease, as well as the patient details of people with cancer, dementia, mental health conditions and infections.

“Some of the people on the list have had diagnoses that include mental illnesses, or delirium, which is an acute change in mental status that can be triggered by illness, injury, surgery, or medication­s,” the company said in a statement.

“Delirium is a temporary condition that’s not uncommon in hospital, particular­ly for elderly people, as they become disoriente­d to their surroundin­gs.”

In a statement, Koczkar said the company was still determinin­g the accuracy of the latest data leak, which contained about 1,500 patient files. Of those, the company said 123 records had been released in previous tranches of data. But some previously released data had not matched the company’s records, he said, and the company’s analysis of the latest patient records showed many did not match the descriptio­ns posted by the hackers.

“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental

health and wellbeing support, identity protection and financial hardship measures,” Koczkar said.

“The Australian Federal Police have said law enforcemen­t will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data. We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.

“Again, I unreserved­ly apologise to our customers. We remain committed to fully and transparen­tly communicat­ing with customers and we will continue to contact customers whose data has been released on the dark web.”

 ?? Photograph: Morgan Hancock/AAP ?? Medibank CEO David Koczkar has again apologised to customers after more sensitive records were released on the dark web.
Photograph: Morgan Hancock/AAP Medibank CEO David Koczkar has again apologised to customers after more sensitive records were released on the dark web.

Newspapers in English

Newspapers from Australia