Medibank: Hackers release abortion data after stealing Australian medical records

2 years ago 22
ARTICLE AD BOX

The Medibank Private Limited logo is seen displayed on a smartphone screenImage source, Getty Images

Image caption,

The group behind the breach says more data will continue to be released

Hackers who stole customer data from Australia's largest health insurer Medibank have released a file of pregnancy terminations.

It follows Medibank's refusal to pay a ransom for the data, supported by the Australian government.

Medibank urged the public to not seek out the files, which contain the names of policy holders rather than patients.

CEO David Koczkaro warned that the data release could stop people from seeking medical attention.

Terminations can occur for a range of reasons including non-viable pregnancy, miscarriages and complications.

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he said.

The Medibank theft affects nearly four in 10 Australians and is the latest in a string of major data breaches in Australian companies in recent months.

The hackers this week published their first tranche of information after Medibank refused to pay a $10m (£8.7m; A$15.6m) ransom - about $1 for every customer.

Some Australians say they have been targeted by scammers after their medical details were posted online.

Former tennis champion Todd Woodbridge - who is recovering from a heart attack - said he had been pestered by calls from scammers who had known which hospital he had been in.

"I think I'm one of those people that have been scammed by the Medibank situation, I'm a customer of theirs," he told Melbourne radio station 3AW on Wednesday.

Image source, Getty Images

Image caption,

Ex-tennis player Todd Woodbridge says he has been pestered by scammers following the hack

He and others have criticised Medibank for the security breach.

Earlier this week the hackers released a set of customer detail files named "good-list" and "naughty-list".

The files included people's health claims data - including medical procedure history - as well as names, addresses, birthdates and government ID numbers.

Then on Thursday, the hackers on their forum added they had also: "added one more file abortions.csv...".

Medibank has apologised for what it has called the "malicious weaponisation" of private information. The hackers got the information after login details allowing access to all its customer data was stolen.

The Australian government has also defended the company's decision to not pay the ransom.

Both have warned that more releases of customer information are expected. Prime Minister Anthony Albanese has said that he is also Medibank customer.

In September, Australia's second-largest telecommunications firm Optus was also targeted for extortion, after the personal data of about 10 million customers was stolen in what the company called a cyber-attack.

Several Australians have identified themselves as being affected by both breaches.

The stolen Medibank data has been posted on a blog linked to Russian ransomware group REvil, local media have reported.

Read Entire Article