Medibank Warns its Clients of Hackers Who Started Leaking Stolen Confidential Data

Previously, the firm refused to pay the ransom.

Medibank, an Australian health insurance firm, has warned its clients that cybercriminals have begun exposing some of their sensitive details. These details were stolen in last month's hacking incident involving the company.

Public Release of the Clients' Stolen Data

According to a report by TechCrunch, the data was published early Wednesday, Nov. 9, by a ransomware organization with connections to the notorious Russian-speaking REvil gang.

The hacked data reportedly include customers' names, birth dates, passport numbers, and medical claim information.

Medibank previously said that it would not be complying with the ransom demand. It cited only a minimal likelihood that paying the ransom would secure the recovery of client data and prevent its public release.

According to Agence France-Presse, the hackers sorted the names of the breach victims into a "naughty" and "good" list. The "naughty" list includes numerical diagnostic codes that seem to connect victims to drug addiction, alcohol misuse, and HIV.

For instance, the entry for "F122" in a file refers to cannabis dependency based on the WHO's International Classification of Diseases.

Is the Customers' Financial Information Safe?

Medibank spokeswoman Liz Green told TechCrunch via email on Wednesday that, based on the company's latest investigation, it believes the perpetrator did not access credit card and banking credentials.

Despite Medibank's assurance that no banking or credit card credentials were obtained, TechCrunch claimed that screenshots of WhatsApp discussions reveal the ransomware gang also planned to publish "keys for decrypting credit cards."

Response to the Breach

Medibank and the Australian Federal Police (AFP) warn customers about future phishing schemes and unusual online account activity.

The company advises its clients not to reuse passwords and to set up multi-factor authentication on online accounts.

Green said Medibank established a cyber response assistance package for impacted clients. This covers hardship support, identity protection counseling, and ID replacement costs.

Moreover, the health insurance firm offers a wellness line, mental health outreach, and duress alarms that victims are welcome to utilize.

TechCrunch reported that AFP is probing the breach alongside Commonwealth and "Five Eyes" intelligence-sharing nations, including the UK, US, Canada, and New Zealand. Operation Guardian, the Australian

Australia established the Operation Guardian initiative in response to recent cyberattacks that started with Optus' data breach. Its service will be expanded to Medibank to safeguard its clients from "financial fraud and identity theft."

Operation Guardian will explore the dark and deep web for Medibank Private and Optus data, according to AFP Assistant Commissioner Cyber Command Justine Gough.

Background

The Medicare malware attack was carried out by an anonymous group of cybercriminals using a version of file-encrypting software developed by REvil. To date, the group has released the personal information of around 200 Medibank clients.

On Tuesday, Medibank said that hackers had stolen the personal information of 9.7 million clients and the health claims data of about 500,000 others.

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.