Addictions, addresses: Medibank hackers leak data
The Russian criminals behind the health insurance hack have started leaking customers' personal information.
Medibank customers with drug addictions have had their data leaked in the first tranche of sensitive personal information dumped by Russian hackers on Wednesday.
The data, posted in an unencrypted file named ‘naughty-list’ on the dark web for anyone to download, includes details for around 100 patients, including whether they had been treated for drug use, alcohol abuse, anxiety, cannabis dependence or opioid addiction.
A so-called ‘good-list’ has also been posted, containing customer information including names and home addresses, birth dates and Medicare details.
The ransomware group has posted the details of hundreds of Australian customers so far after it gave Medibank 24 hours on Tuesday to pay a cyber ransom, which the company said it wouldn’t.
In the wake of the release on Wednesday Prime Minister Anthony Albanese, Home Affairs Minister Clare O'Neil and Deputy Opposition Leader Sussan Ley all confirmed they are Medibank customers.
Ley said she was "incredibly worried" following the cyber attack. "It might be fine for people to know when you had your last COVID vaccination... but I can tell you that it's not fine for people to know details of your sexual health or your mental health and to have that information weaponised against you by actors who have such ill will," she said.
O'Neil said people were entitled to keep their health information private and the releasing of personal medical information was "beyond the pale".
"Make no mistake about it, this is not just any ordinary group of... criminals, this is the lowest of the low."
Breaking:
BlogXX/REvil have posted the first sample of #medibank data and claim that it's difficult to filter so will release small amounts. A normal extortion tactic.#cybersecurity #infosec #auspol #Australia pic.twitter.com/2rQlbEvulO
— CyberKnow (@Cyberknow20) November 8, 2022
“Looking back, that data is stored in a not very understandable format (table dumps); we’ll take some time to sort it out,” they wrote in a post on the dark web at around 1am AEDT on Wednesday.
“We’ll continue posting data partially, need some time to do it pretty.”
The ransomware group, known as Blogxx or REvil, also posted apparent negotiation correspondence between it and Medibank.
A quick look at some of the data and it shows names of #Australian hospitals and also #medicare numbers, however a review of the larger files would be needed to confirm if it is #medibank data. pic.twitter.com/JGXhqkRBcG
— CyberKnow (@Cyberknow20) November 8, 2022
On Tuesday the hackers shared a statement with a quote from Chinese philosopher Confucius and told people to sell their Medibank stocks, along with an ultimatum for the insurance giant.
“A man who has committed a mistake and doesn’t correct it is committing another mistake. – Confucius,” they wrote.
“Data will be published in 24 hours.”
On Tuesday Medibank chief executive David Koczkar said he was “devastated” for customers, saying they “deserve privacy”. But he said if Medibank caved to the demands of cyber criminals it would make Australia a softer target for repeat attacks.
“This is a significant decision for the business and we’ve had extensive expert advice and the reality of that advice is that there was a small chance that paying a ransom – you can call it extortion – that it was very unlikely they may return customer data,” Koczkar told The Australian.
“In fact, you just can’t trust a criminal. It’s more likely that this will put more of our customers at risk through increased extortion and actually make Australia a bigger target. That’s consistent with the government policy on paying ransom, so that’s why we’ve made the decision we have to not pay a ransom.”
O’Neil welcomed Medibank not paying the ransom, which was “consistent with Australian government advice”.
“I want Australia to be the most cyber-safe country in the world. The payment of ransoms directly undermines that goal,” she said.
“The Australian government, after a wasted decade for digital reform, is stepping up on cyber security and ransomware … we see and recognise the urgent need to address the conditions that have allowed the two largest cyber attacks in our history to occur within the space of two months.”
Koczkar said investigations into the incident showed the criminal accessed the name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives.
The criminal also accessed health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered.
Some 5,200 My Home Hospital patients also had some personal and health claims data accessed, and around 2,900 next of kin of these patients have had some contact details accessed.
Primary identity documents, such as drivers’ licences, for Medibank and ahm resident customers were not accessed, but Medicare numbers (but not expiry dates) for ahm customers were caught up in the breach as were passport numbers (but not expiry dates) and visa details for international student customers.
As The Australian previously reported, the criminal behind the Medibank data hack bought login credentials to gain access to the network from an online Russian criminal forum and did extensive reconnaissance before collecting the data, which experts estimate would have lasted months.
I'm a Medibank customer, what do I do?
Accept that the "horse has bolted" is the advice of technology expert Trevor Long. "And now you need to be prepared to be peppered with spam, scams and hoaxes."
"These people now have your personal details so can tailor incredibly specific correspondence to you that looks legitimate. Just in the past day I've seen sophisticated scams using MyGov. My simple advice is question everything. Do not fall for it," Long told The Oz.
He said most scammers will be looking for payment, so they will pose as organisations you frequently deal with, such as government agencies like the ATO or even Netflix. His advice, should a random email lob into your inbox, is to close it, don't click anything, and go to a web browser and log into your account there instead.
"If you get a note saying you owe money, go to your secure account page online instead. Or pick up the phone and call an official number."
Also be prepared to be extorted.
"There will be an increase in ransom attempts for sure, and sadly, some people will cave. However, do not pay them, regardless of how convincing they are. If you pay once they'll continue to make you pay and you won't get that information back. Accept it's out there and be vigilant," Long said.
Long said these recent hacks, now at Medibank and Optus, could prove to be a good "national building exercise" and it's time for an "arms around Australia" movement, given that a lot of private and sensitive information about ourselves and others could soon be freely floating around the internet.
"It's not just personal details and credit card numbers, it could be as in-depth as that time you needed to see a doctor for an STI or had a bout of depression and needed rehab. No one should do anything with that information about anyone, whether they are high profile or low profile, should it be seen online. We need to devalue that information for these hackers and instead offer support to those who are worried about a leak of their medical history," Long said.