
The massive aftershocks of not paying a ransom to cyber extortionists have finally sunk in.

On Tuesday, the ransomware group behind the Medibank hacking started releasing patients’ confidential files on the dark web. This includes cases of alcohol recovery, abortions, and mental health issues. 

According to Medibank, the attack has affected 9.7 million present and former customers. The data contains claim-related information, such as codes for medical diagnoses and whether or not a person smokes or has a history of using illegal drugs.

The ransomware organisation requested US$10 million to withhold the data but then set the price at $9.7 million, or $1 per record, on Thursday. It also showed a sensitive file of policyholder information comprising abortion-related medical codes.

Customers of Medibank include the country’s prime minister and, unfortunately, its cybersecurity minister. Its data breach and subsequent extortion have prompted the government to examine whether its rules are adequate to secure personal data.

Clare O’Neil, minister for home affairs and cyber security, said, “I cannot articulate the disgust I have for the scumbags at the heart of this criminal act. People are entitled to keep their health information private.”

“Even amongst ransomware attackers, the idea of releasing personal medical information of other people is considered beyond the pale. So, make no mistake: This is not just any group of scummy criminals. This is the lowest of the low.”

Some analysts believe the Medibank attackers, BlogXX, spent a month examining the health insurer’s systems. They eventually emptied the SQL database tables containing personally identifiable information and bundled it in .csv files, which they submitted to Medibank as proof of the hack.

In addition, the attackers claim to have gotten access to Medibank’s Confluence server, which runs Atlassian collaboration software, and to have retrieved source code from Stash, a source code management platform.

The hackers found their way in through Medibank’s part-time COVID support officer. His data was harvested by botnet malware called Redline, which infected one of the officer’s devices.

He believed that he used up-to-date anti-virus software. The incident happened in October, and the part-time officer had left the company months earlier, in May. He said that his login credentials would no longer have been valid if Medibank had robust IT security.
