Read Time:2 Minute, 3 Second
Australian health insurer Medibank Private Ltd was attacked by threat actors recently. According to reports, the hackers were able to gain sensitive information from nearly 10 million clients and are leaking data into the dark web.
Medibank first reported that it detected unusual activity in its internal systems on 13 October but didn’t find evidence that customer data had been accessed. A few days later, the company received a ransom request from who was thought to be the Russian ransomware group REvil. The group threatened to leak customer information if the company didn’t pay US$1 for each 9.7 million client information they hacked.
Medibank didn’t pay the ransom and took all the steps recommended by the government, such as regularly updating their clients on the situation and promoting transparency. However, their tactic didn’t work.
“Unfortunately, we expect the criminal to continue to release stolen customer data each day,” notes Medibank CEO David Koczkar. He added, “In fact, paying could have the opposite effect and encourage the criminal to extort our customers directly, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
Hackers trickled sensitive information on the dark web. They started publishing regular medical information they tagged the ‘nice list. Then they posted the ‘naughty list’ containing information on Medibank customers who sought treatment for drug and alcohol abuse and HIV.
The threat actors then posted medical information on customers who underwent an abortion to pressure Medibank to pay their ransom by making their customers feel shame about their procedure.
Kat, one of the data breach victims, notes in her social media post, “I read that an abortion list and people are being good and bad. That isn’t very pleasant. Something that might not have been discussed with family or your partner but is now freely available is incredibly concerning.”
However, Virginia Trioli, co-host of the ABC News Breakfast, calls for those on the list to ‘refuse the shame’. “What if we completely reframe our response to this situation and attribute no value or worth to this information beyond a list of legitimate medical treatments to which we were entitled, and what if we refuse to be ashamed of what help we sought?” she adds.
Trioli emphasises that these people didn’t do anything illegal. They just sought for medical treatment they are afforded, and there is nothing shameful about that.
Happy
0 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %
0
0
