The breach at Medibank, an Australian health insurance provider, started with the theft of the credentials of an employee with high-level access to the organization, according to The Guardian's source. These data were then sold on a cybercrime forum written in the Russian language.
On Oct. 13, the firm told its customers that it had temporarily taken two services offline because of a cyber incident. It later revealed that the attackers had contacted it claiming to have taken 200GB of customer data from Medibank's servers.
As part of the "negotiation," the hacker supplied a sample of 100 records containing personal information such as names, addresses, dates of birth, Medicare numbers, and phone numbers, as well as details of medical claims such as diagnoses, treatments, and the locations where medical services were provided.
Information From the Insider
Medibank has spent the previous two weeks investigating the attack's origins. The Australian Signals Directorate (ASD) and the Australian Federal Police (AFP) have both joined the probe.
The insider, who was not authorized to talk publicly, speculated that the assault began when a hacker obtained credentials from an employee at Medibank with administrative access and then offered them for sale on a Russian-language cybercrime forum.
Subsequently, another hacker or gang of hackers allegedly purchased the credentials and went into Medibank's network, setting up not one but two backdoors in case the first one was detected.
Inside Medibank, there's a widespread belief that the attacker scanned the whole network and internal systems, not just the customer database, before using a proprietary tool to extract data from the database and compress it into a zip file they later retrieved from the network.
Medibank then detected the unusual activity, found the two backdoors, and closed them, the source said. In addition, the ASD warned the insurer that it might be the target of a ransomware attack, which ultimately never materialized.
It has not yet been made public when exactly the data were stolen or when the hack was originally initiated. The number of Medibank's clients whose information may have been exposed remains unknown.
Multi-factor authentication may have been broken or simply not used.
The Recurring Scam
Fergus Hanson, head of international cyber policy at the Australian Strategic Policy Institute, said the theft and sale of high-level credentials is a recurring pattern. With that kind of access, he noted, attackers could write software to extract the data automatically.
Hanson told The Guardian that the incident was preventable.
"Could they have done better? Yes, maybe they could have done better. Is every organization gripped up to deal with this? Well, absolutely not. [But Medibank] are in a really privileged position, handling people's healthcare data, so I think there is a genuine case to answer there."
The Optus data breach, which exposed up to 10 million customers, the Woolworths data breach, and the Vinomofo data breach are just a few of the high-profile data breaches that have occurred in Australia in the last month; Medibank is the latest.
This article is owned by Tech Times
Written by Trisha Kae Andrada