Failed blackmail attempt: hackers publish data of health insurance holders

Almost 10 million people in Australia have health insurance with Medibank.

Failed blackmail attempt: hackers publish data of health insurance holders

Almost 10 million people in Australia have health insurance with Medibank. After a hacker attack, they must expect their medical reports to end up on the dark web. Because the insurance company does not pay a ransom, the criminals start putting the extensive information online.

Hackers have penetrated the database of a major health insurance company in Australia and published highly sensitive information about millions of customers on the dark web. In addition to medical findings and treatments of the insured, their dates of birth, telephone numbers and e-mail addresses, among other things, fell into the hands of the criminals, as the company Medibank announced on Wednesday. The hackers had previously tried to blackmail the insurance company. However, they said they refused to pay the ransom. The perpetrators then published the first excerpts of their captured data. A total of 9.7 million people are insured with Medibank.

"Based on the extensive advice we have received from cybercrime experts, we believe there is a limited chance that paying a ransom will ensure the return of our customers' data and prevent it from being made public," Medibank said -Boss David Koczkar on the grounds why no money was paid to the blackmailers. Nor did they want to encourage other criminals to commit similar acts.

The Australian National Police said "very personal information" had been published on the dark web. Accordingly, immediate measures were taken to uncover further criminal activities. The police are aware "that the unlawful release of private health information can be disturbing and embarrassing for some of those affected by the Medibank data breach," it said.

It is likely that further data will be leaked. Prime Minister Anthony Albanese said he was a Medibank customer himself. "It's really tough for those affected," he said. But the company followed the guidelines. "The advice is not to agree to a ransom payment."