Russian hackers have began posting stolen medical data regarding abortions on the dark web after Australian health insurer refused to pay them a ransom.
Australia’s biggest health insurer Medibank was recently hit by a massive cyber hack which compromised the details of just under 10 million current and former customers.
Some names, addresses, phone numbers, email addresses, passport numbers of international students and health claims data stolen from Medibank’s systems were already released on a dark web forum, the company said in a statement.
On Wednesday, the company said the hacker could release more stolen data after the company refused to make ransom payments.
A government minister described the hackers as ‘scumbags’ for demanding £8 million from Medibank to stop leaking stolen information about clients.
On failing to pay the ransom, the hackers posted a file labelled ‘abortions’ on a darkish internet weblog that’s linked to ransomware crime group REvil, which some specialists say has hyperlinks to Russia.
The information within the file is known to incorporate procedures claimed by a policyholder associated to the termination of being pregnant, together with non-viable being pregnant, ectopic being pregnant, molar being pregnant, miscarriages, and readmission for problems.
‘These are actual folks behind this information and the misuse of their information is disgraceful and should discourage them from in search of medical care,’ Medibank mentioned in a press release.
‘Given the information’s delicate nature, we’re asking the media and others to help our ongoing efforts to minimise hurt to clients, and to not unnecessarily obtain delicate private information from the darkish internet and to chorus from contacting clients immediately,’
The hackers additionally posted a ‘naughty listing’ of those who appeared to have undergone remedy for drug dependancy, alcohol abuse, and HIV.
In response to Medibank, the main points of just about 500,000 well being claims have been stolen, together with private info.
David Koczkar, chief govt of Medibank, mentioned the discharge of the knowledge was ‘disgraceful’.
‘The weaponisation of individuals’s non-public info in an effort to extort cost is malicious, and it’s an assault on essentially the most susceptible members of our neighborhood,’ he mentioned.
Australia’s cyber safety minister Clare O’Neil instructed parliament that the response by authorities and public companies consists of ‘inserting protecting safety round authorities information, state police working with affected people, the organisation of psychological well being help and counselling, and putting in administration plans round individuals who have some very particular vulnerabilities’.
On Friday, the Australian police mentioned they imagine Russia-based hackers had been behind the cyberattack.
Australian Federal Police (AFP) Commissioner Reece Kershaw blamed a loosely-affiliated group of cyber criminals seemingly chargeable for different massive breaches all over the world for the assault on Medibank.
Kershaw mentioned the AFP is aware of which people are accountable however won’t be naming them at this second.
‘To the criminals, we all know who you’re and furthermore, the AFP has some vital runs on the scoreboard in terms of bringing abroad offenders again to Australia to face the justice system,’ he mentioned at a information convention on Friday.
Kershaw mentioned the AFP will probably be holding talks with Russian regulation enforcement in regards to the people.