Medibank forecast worsens after more patient data leaks • The Register

Australian health insurer Medibank’s prognosis after a data breach in October has worsened as criminals have dumped another batch of stolen customer data on the dark web.

The villains, believed to be linked to Russian ransomware gang REvil, released what they thought was the rest of the exfiltrated data on Thursday, adding: “Case closed.”

Medibank said it is still analyzing the leaked data, which contains six “zipped files in a folder called ‘full’ containing the raw data that we believed the criminal stole.”

“A lot of the data is incomplete and difficult to understand,” the insurance giant said. “For example, health claim data released today was not linked to customer names and contact information.”

Medibank previously confirmed that crooks stole data from nearly 10 million of their current and former customers. The insurance giant has refused to pay the blackmailers a ransom.

“Based on the extensive advice we have received from cybercrime experts, we believe there is a limited chance that paying a ransom will ensure the return of our customers’ data and prevent it from being made public,” CEO David Koczkar said in a stock market filing published last month.

The stolen customer information revealed in the latest data dump appears to be “personal information,” not financial information, and “insufficient to enable identity and financial fraud,” Medibank said Thursday.

Despite the criminals’ claims of “case closed,” “we expected the criminal to continue posting files on the dark web,” it added.

Also on Thursday, the Australian Data Protection Authority officially launched an investigation into Medibank’s privacy and security practices that led to the breach.

“The OAIC’s investigation will focus on whether Medibank has taken reasonable steps to protect the personal information it holds from misuse, interference, loss, unauthorized access, alteration or disclosure,” the Australian Information Commissioner’s Office said in a statement on its website.

“The investigation will also consider whether Medibank has taken reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Data Protection Principles (APPs),” it added.

If the DPA finds “serious and/or repeated” data breaches, it can seek civil penalties of up to $2.2 million for each breach.

The hits keep coming

The health insurer first admitted to an attack on October 13. At the time, it said it had shut down systems at two sub-brands as a precaution, but that customer data had not been accessed either from these brands or from Medibank itself.

About a week later, Medibank retracted the earlier assessment, saying the crooks had been in contact to broker a deal to get the patient data back. At the time, Medibank said 100 records had been uncovered by the data thieves — some of which contained information about medical treatments customers had undergone.

By the end of October, the health insurance giant had disclosed that “personal information and significant amounts of health insurance data” had been stolen across all three brands.

Last month, the Australian Federal Police (AFP) pointed to Russia as the location of the attackers who broke into Medibank – but stopped short of attributing the ransomware attack to REvil – and just days later the government vowed to “stand up and fight back” against cybercriminals.

To this end, Australia announced a joint operation between the AFP and the Australian Signals Directorate (Australia’s GCHQ/NSA analogue) tasked with investigating and dismantling cybercrime syndicates. Ransomware gangs, the task force said, will be given top priority in elimination.

Home and Cybersecurity Secretary Clare O’Neil said the operation will “scour the world, hunting down the criminal syndicates and gangs targeting Australia in cyber attacks and disrupting their efforts”. ®

https://www.theregister.com/2022/12/02/medibank_data_dump/

Rick Schindler
