Hacker Demands $10M to Stop Leaking Australians’ Medical Records

    Updated Nov 10, 2022


    • The cybercriminal or criminal organization that stole sensitive records from one of Australia's largest healthcare companies demanded on Thursday roughly $10M to stop leaking the data, as they uploaded even more confidential details about customers.[1]
    • Early Thursday, the hacker published a message on the dark web asking Medibank to pay $1 for each of the 9.7M customer files that were stolen in last month's data breach.[2]
    • This comes as they uploaded a second batch of files to a dark web forum with more sensitive details about hundreds of Medibank customers, whom they've divided into "naughty" and "nice" lists, with the "naughty" label apparently pertaining to those who received treatment related to drug abuse and sexually transmitted infections. On Thursday, one more file about abortions was added.[3]
    • Australian firms have recently suffered a string of data breaches. PM Anthony Albanese said the government is working with investigators on the cyber attack, stating: "This is really tough for people. I'm a Medibank private customer as well, and it will be of concern that some of this information has been put out there."[4]
    • After Medibank had refused to pay an undisclosed ransom, the hackers followed through on their threat to publish the stolen data. The company told customers, "Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customer's data and prevent it from being published."[5]
    • The security incident has erased hundreds of millions of dollars from Medibank's market value. The company's share price has plummeted over 20% since last month, when news of the leak first appeared.[6]


    Pro-establishment narrative

    Unfortunately, this is the new world that we live in. The Medibank breach is a huge wake-up call that shows the need for an overhaul of information and privacy protection. From here on in, companies must be aware that they're under relentless cyber-attack. Australia's institutions are generally well prepared but can do even more to safeguard classified information.

    Establishment-critical narrative

    Cybersecurity isn't taken seriously enough in either the public or private sector. Most business leaders believe that their enterprises are safe from harm, but the truth is far less comforting. In a 2021 study, a staggering 63% of businesses said they had experienced a cyberattack. The hidden cost isn't the value of the stolen information but losing the customer's trust — and the impact that may have on the attacked company's share value.

    Nerd narrative

    There is a 41% chance the US executive branch will attempt to ban or otherwise further limit ransomware payments in 2022, according to the Metaculus Prediction Community.
