Hackers leak Australian health records on dark web

Hackers leak Australian health records on dark web

Hackers have begun leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister
Hackers have begun leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister. Photo: Saeed KHAN / AFP/File
Source: AFP

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ find “Recommended for you” block on the home page and enjoy!

Hackers on Wednesday began leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister, after the firm refused to pay a ransom.

Medibank told investors that a "sample" of data from some 9.7 million clients had been posted on a "dark web forum" -- and that more leaks were likely.

Sensitive records were posted anonymously in the early hours of Wednesday and included names, birth dates, passport numbers and information on medical claims for hundreds of customers.

The victims were separated into a "naughty" list and a "nice" list.

Some on the "naughty" list had numeric codes that appeared to link them to drug addiction, alcohol abuse and HIV.

For example, one record carried an entry that read: "p_diag: F122".

Read also

Australian insurer warns of 'distressing' hack threat

PAY ATTENTION: Enjoy reading our stories? Join YEN.com.gh's Telegram channel for more!

F122 corresponds with "cannabis dependence" under the International Classification of Diseases, published by the World Health Organisation.

Prime Minister Anthony Albanese, himself a Medibank customer, said the attack was a "wake-up call" for corporate Australia.

"I am a Medibank Private customer as well and it will be of concern that some of this information has been put out there," he said.

The leaked data was posted on a dark web forum that cannot be found using conventional web browsers.

Medibank -- which provides private health insurance to Australians wishing to supplement universal public healthcare -- informed the Australian Securities Exchange about the leak shortly before the market opened.

"The files appear to be a sample of the data that we earlier determined was accessed by the criminal," the company said in a statement.

"We expect the criminal to continue to release files on the dark web."

Read also

Australian insurer warns of 'distressing' data threat

The hackers were following through on an earlier threat to publish the data unless Medibank paid an undisclosed ransom.

"P.S I recommend to sell Medibank stocks," the purported hackers wrote on the forum about 24 hours before the first batch of data was released.

With the political backing of Australia's federal government, Medibank on Tuesday refused the demand -- instead warning customers to remain "vigilant".

"Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank boss David Koczkar said.

'Scumbags' and 'crooks'

The group also uploaded what they said were a series of exchanges between themselves and Medibank representatives.

"We will do everything in our power to inflict as much damage as possible for you, both financial and reputational," one message read.

Read also

Greek PM slams wire-tapping claims as 'incredible lie'

The security breach has already wiped hundreds of millions of US dollars off Medibank's market value, with the company's share price down over 20 percent since October, when news of the leak first emerged.

AFP Assistant Commissioner Cyber Command Justine Gough said the "criminal or criminal groups" responsible for the hack could be operating outside of Australia.

Australia's assistant treasurer Stephen Jones said they were "scumbags" and "crooks".

"We shouldn't be giving in to these fraudsters," he told Sky News Australia.

"The moment we fold, it sends a green light to scumbags like them throughout the world that Australia is a soft target."

As Medibank scrambles to contain the leak, it is also staring down the barrel of a potentially-costly class action lawsuit.

Two law firms said Tuesday they had joined forces to investigate whether Medibank had breached its obligations to customers under the country's Privacy Act.

The Medibank hack followed an attack on telecom company Optus in September that exposed the personal information of some nine million Australians.

New feature: Сheck out news that is picked for YOU ➡️ find “Recommended for you” block on the home page and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.