10 million US dollars is the sum demanded by the hackers responsible for the hacking of the Australian company Medibank. Leader in the field of private health insurance, it had more than 3.7 million customers in 2021.
Abortion medical data
According to the first information relayed by the BBC, the company refused to pay the ransom demanded by the hackers. A decision supported by the Australian government, although the attackers began to disseminate the ultra-sensitive data of several customers on a forum of the deep web. Two lists were made: one of the “good” people and one of the “bad”, according to the classification of the hackers. On the list of “villains” are a slew of customers who are victims of alcoholism, drug addiction or HIV carriers. Multiple medical procedures would also have been revealed on these lists. Moreover, and still according to the BBC, a CSV file containing information relating to potential abortions was leaked on the forum.
Personalities among the victims
For David Koczkaro, CEO of Medibank, this attack could alienate patients from the Australian healthcare system. “These are real people behind this data. The misuse of their information is deplorable and may discourage them from seeking medical care”he regretted.
According to several local media, the attack is attributable to the Russian ransomware group REvil. In total, more than 9.7 million people could be affected by this cyberattack. Several personalities have indicated that they have been victims of harassment by scammers following this affair.
This is the case of former tennis champion Todd Woodbridge, who revealed that he had been the target of scammers after the attack on Medibank. “I think I am one of the people who have been scammed by the Medibank situation”he explained on Melbourne radio 3AW.
A cyber-response deployed
In a statement, the insurer asks Internet users not to seek to consult the information disclosed on the net, while apologizing to customers affected by the leak. Medibank insures “support all those who have been affected by this crime” by deploying its cyber-response program. A “mental health and wellness support”identity protection measures and financial support for people in difficulty should be put in place.