Hacker holds Australian health insurer’s data for ransom

Oct 19, 2022, 12:21 PM | Updated: Oct 20, 2022, 2:58 am
People walk past a Medibank branch in Sydney, Thursday, Oct. 20, 2022. Medibank health insurer is b...

People walk past a Medibank branch in Sydney, Thursday, Oct. 20, 2022. Medibank health insurer is being extorted for customers' data in the nation's second major cybersecurity breach in a month, an official says. (AP Photo/Rick Rycroft)

(AP Photo/Rick Rycroft)

              People walk past a Medibank branch in Sydney, Thursday, Oct. 20, 2022. Medibank health insurer is being extorted for customers' data in the nation's second major cybersecurity breach in a month, an official says. (AP Photo/Rick Rycroft)
            
              People walk past a Medibank branch in Sydney, Thursday, Oct. 20, 2022. Medibank health insurer is being extorted for customers' data in the nation's second major cybersecurity breach in a month, an official says. (AP Photo/Rick Rycroft)

CANBERRA, Australia (AP) — A cybercriminal was holding for ransom an Australian health insurer’s customer data including diagnoses and treatments, in the nation’s second major privacy breach in a month, officials said on Thursday.

Trade in Medibank shares has been halted on the Australian Securities Exchange since Wednesday when police were alerted that the company had been contacted by what it described as a “criminal” who wanted to negotiate over the stolen personal data of customers.

Medibank, which has 3.7 million customers, said on Thursday the criminal had provided a sample of 100 customer policies from a purported haul of 200 gigabytes of stolen data.

Details included customer names, addresses, birth dates, national health care identification numbers and phone numbers.

Cybersecurity Minister Clare O’Neil said most concerning was that records of medical diagnoses and procedures had also been stolen.

“Financial crime is a terrible thing. But ultimately, a credit card can be replaced,” O’Neil told reporters.

“The threat that is being made here to make the private, personal health information of Australians made available to the public is a dog act,” she added.

The thief had threatened to sell Medibank data to third parties and singled out records of 1,000 politicians, media personalities, actors, LGBTQ activists and drug addicts for exposure, Nine Network News reported.

“We found people with very interesting diagnoses,” the thief reportedly wrote to Medibank.

Medibank declined to comment on the reported threats and would not release details beyond its statement to the Australian Securities Exchange.

The Medibank breach came a month after a cyberattack stole from telecommunications company Optus the personal data of 9.8 million customers.

The Optus breach, which compromised the personal data of more than one-third of Australia’s population, prompted the government to propose urgent reforms to privacy laws that would increase penalties for companies that fail to protect customers’ data and limit the quantity of data that can be retained.

O’Neil said cybercrime was a growing problem around the world and that Australia needed to be better prepared.

“We are going to be under relentless cyberattack essentially from here on in, and what it means is that we need to do a lot better as a country to make sure that we are doing everything we can within organizations to protect customer data and also for citizens to be doing everything that they can,” O’Neil said.

“Combined with Optus, this is a huge wake-up call for the country and certainly gives the government a really clear mandate to do some things that frankly probably should have been done five years ago, but I think are still very crucially important,” she added, referring to privacy law reforms that the government hopes to pass through Parliament this year.

O’Neil described the Medibank breach as a “ransomware attack,” which the government defines as an attack with malware that locks or encrypts files so that the owner can no longer access them.

O’Neil’s office later said she misspoke and meant that the culprit had demanded ransom.

Medibank said its systems had not been encrypted by ransomware and its usual customer activities continued.

Medibank chief executive David Koczkar said his company was working with specialized cybersecurity firms as well as police and government experts in response to the breach.

“I unreservedly apologise for this crime which has been perpetrated against our customers, our people and the broader community,” Koczkar said in a statement.

“I know that many will be disappointed with Medibank and I acknowledge that disappointment,” he added.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

FILE - A flyer seeking information about the killings of four University of Idaho students who were...
Associated Press

Idaho police seek car seen near site where 4 students killed

Police are asking for help finding the occupant of a car that was seen near where four University of Idaho students were stabbed to death last month, saying that person could have "critical information" about the case.
1 day ago
Associated Press

Norway acquits Putin ally’s son who flew drone

COPENHAGEN, Denmark (AP) — The son of a Russian businessman close to President Vladimir Putin has been acquitted in Norway of violating a law that bars Russians from flying drones. Andrey Yakunin, who holds both a Russian and a British passport and who lives in Italy, was arrested in Hammerfest, in Arctic Norway, on Oct. […]
1 day ago
Aisha Ali, 40, cries as she and her daughter Husseina, 9, wait in Tabawa, northeastern Nigeria, for...
Associated Press

‘God’s plan’: Family flees amid catastrophic Nigeria floods

TABAWA, Nigeria (AP) — When the floodwaters reached Aisha Ali’s hut made of woven straw mats and raffia palms, she packed up what belongings she could and set off on foot with her eight youngest children. Ali, 40, knew she and her family might never see their home again. In this remote village –in the […]
1 day ago
Thailand soldiers stand with seized packages of illegal drugs and the body of a suspected smuggler ...
Associated Press

15 suspected drug smugglers killed by Thai border patrol

BANGKOK (AP) — Thai soldiers clashed with suspected drug smugglers in a forested area in the country’s north near the Myanmar border, killing 15, authorities said Thursday. The soldiers encountered the group of suspects carrying backpacks Wednesday evening and ordered them to stop, but they instead opened fire, according to the Pha Muang Task Force, […]
1 day ago
A worker in protective gear disinfects his gloves as residents get their routine COVID-19 throat sw...
Associated Press

China’s looser anti-COVID measures met with relief, caution

TAIPEI, Taiwan (AP) — A day after China announced the rollback of some of its most stringent COVID-19 restrictions, people across the country are greeting the news with a measure of relief but also caution, as many wait to see how the new approach will be implemented. Following nationwide protests last month against China’s harsh […]
1 day ago
This image released by Netflix shows Prince Harry, right, and Meghan, Duke and Duchess of Sussex, i...
Associated Press

UK royals brace as Harry-Meghan doc promises ‘full truth’

LONDON (AP) — Britain’s monarchy braced for more bombshells to be lobbed over the palace gates Thursday as Netflix released the first three episodes of a series that promises to tell the “full truth” about Prince Harry and Meghan’s estrangement from the royal family. Promoted with two dramatically edited trailers that hint at racism and […]
1 day ago

Sponsored Articles

Comcast Ready for Business Fund...
Ilona Lohrey | President and CEO, GSBA

GSBA is closing the disparity gap with Ready for Business Fund

GSBA, Comcast, and other partners are working to address disparities in access to financial resources with the Ready for Business fund.
SHIBA WA...

Medicare open enrollment is here and SHIBA can help!

The SHIBA program – part of the Office of the Insurance Commissioner – is ready to help with your Medicare open enrollment decisions.
Lake Washington Windows...

Choosing Best Windows for Your Home

Lake Washington Windows and Doors is a local window dealer offering the exclusive Leak Armor installation.
Anacortes Christmas Tree...

Come one, come all! Food, Drink, and Coastal Christmas – Anacortes has it all!

Come celebrate Anacortes’ 11th annual Bier on the Pier! Bier on the Pier takes place on October 7th and 8th and features local ciders, food trucks and live music - not to mention the beautiful views of the Guemes Channel and backdrop of downtown Anacortes.
Swedish Cyberknife Treatment...

The revolutionary treatment of Swedish CyberKnife provides better quality of life for majority of patients

There are a wide variety of treatments options available for men with prostate cancer. One of the most technologically advanced treatment options in the Pacific Northwest is Stereotactic Body Radiation Therapy using the CyberKnife platform at Swedish Medical Center.
Work at Zum Services...

Seattle Public Schools announces three-year contract with Zum

Seattle Public Schools just announced a three-year contract with a brand-new company to the Pacific Northwest to assist with their student transportation: Zum.
Hacker holds Australian health insurer’s data for ransom