contents
Millions of patient data fell into the hands of criminals. Now the government is launching a war against hackers.
The break-in into the IT system of the largest Australian health insurance company lasted just a few minutes. A poorly protected computer was enough for the criminals to gain access to Medibank’s company servers.
For days, the hackers then unnoticed copied the health data of ten million customers – only to publish them in portions in the hope of a ransom. There were medical reports on abortions, X-ray results, blood tests, psychiatric reports – all with the names of the patients.
Hackers are looking for lucrative targets – worldwide
As serious as the data theft is, it’s not specific to Australia, says Chad Whelan, a professor of criminology. Internet criminals are opportunists. They primarily look for targets in rich countries where the chance of a good ransom is greatest.
Legend:
The business model of international hackers is primarily to attack companies in rich countries. That’s where the highest ransoms can be found – if they pay.
Keystone/Silas stone
There are always examples of international actors surreptitiously gaining access to systems in industrialized countries. For example, by using gaps in data protection or outdated protective measures. In the current case, the origin of the criminals was soon clear. Australian authorities identified a syndicate of Russian hackers as the perpetrators of the attack.
The data theft at Medibank is not the only such case in Australia. Weeks earlier, other systems had been breached, including that of telecommunications giant Optus.
Government declares war on hackers
For Australian Cyber Minister Clare O’Neil, the barrel is now full. She unequivocally declared war on the hackers. An elite team of 100 will hunt “scumbags” who commit such crimes against innocent people around the clock, she announced.
Critical voices accused the minister of showing off because of her clear words. The fight against hackers in third countries is anything but easy. Russian cybercriminals, for example, enjoy the protection of the government in Moscow.
The criminologist Whelan still sees ways to block criminal entrepreneurship: “Authorities can attack the technical infrastructure of such syndicates, for example by blocking ways that the criminals can receive and forward money.”
If possible, do not pay a ransom
The most difficult question for the affected companies is: Should they pay a ransom to put an end to the data nightmare? For the expert, this is not expedient, because blackmailers could simply make further demands.
Paying a ransom is only an option in the rarest of cases. For example, when human life is at risk. The Australian government is now even considering banning ransom payments by law.
The health insurance company Medibank made the decision itself. The company does not pay the requested $ 15 million. But the hackers are patient. They plan to continue posting more patient data every few days.