Medical data on clients of Australian insurance company Medibank was released today after the company refused to pay a ransom for information on some 10 million clients.
The clinical data of seropositive or drug dependent patients were part of the exposed information.
Identity, passport numbers, dates of birth, addresses and medical information are also among the published data.
“This is a criminal act designed to harm our customers and cause distress,” Medibank CEO David Koczkar said in a statement, again apologizing to customers.
“We take our responsibility to protect our customers seriously and stand ready to support them,” he added.
Cybersecurity Minister Clare O’Neil, who is a client of Medibank and was affected by the attack, called on the media to prevent the stolen information from being shared on their platforms.
“If you do, you will be aiding and abetting the scum that are at the heart of these criminal acts and I know you would not do that to your own country and your own citizens,” O’Neil told Parliament.
The official revealed that the number of people with medical information made public was “low at this stage.”
“But I want the Australian people to understand that this is likely to change and that we are going through a difficult time that could last for weeks, possibly months, not days and hours,” he said.
The Australian prime minister, another of Medibank’s clients, applauded the company’s refusal to pay the ransom.
“This is really difficult for people. I am also a private client of Medibank and it will be worrying that some of this information has been disclosed,” Anthony Albanese told reporters.
The hackers allegedly threatened to expose celebrity clients’ diagnoses and treatments unless a ransom of an undisclosed amount was paid.
Medibank, for its part, considered that there was a “limited possibility” that the rescue prevented the publication of the data.
A blogger going by the name “Extortion Gang” posted Monday night on the dark web that the data would be released “within 24 hours.”
Medibank has updated its estimate of the number of people affected by the cyberattack from four million two weeks ago to 9.7 million this week.
Source: TSF
