Russian hackers responsible for breaking into Medibank have released another 1,496 records in its largest data drop to date.
The cyber criminals uploaded four folders to the dark web labelling the files ‘sexually transmitted diseases’, ‘HIV’, ‘psycho’ and ‘viral hep’ on Sunday.
Hackers clam the list contains information of people living with chronic conditions like heart disease, diabetes, cancer, dementia, and mental illnesses.
It is the largest data drop by the hackers to date and brings the number of records released to 2,700.
Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the leaked information.
Russian hackers responsible for breaking into Medibank have released information on another 1,500 patients (stock image)
Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the information that had been leaked
‘Previous files released have not matched our records,’ he said.
‘For example, we are halfway through analysing the “STD” list – so far there are no codes that relate to STDs.
‘Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum, and attempts to profit from it is committing a crime.’
Some 375 of the files included in the latest data drop have been found to not match Medibank data.
‘We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program,’ Mr Koczkar said.
‘Again, I unreservedly apologise to our customers.
‘We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.’
It is the fifth batch of information that has been dropped online by the hackers after Australian authorities refused to meet their demands and pay a $15 million ransom.
Some 9.7 million customers are believed to have been caught up in the hack with personal information stolen by the cyber criminals.
Home Affairs Minister Clare O’Neil said she would share the frustrations of Medibank customers with a lack of communication and transparency with the company.
Chairman Mike Wilkins defended his company’s handling of the cyber attack and its lacklustre communication with shareholders and customers, saying the company would continue to be measured on how it responds.
Prime Minister Anthony Albanese said he was ‘disgusted’ by the actions of the hackers
‘We have always taken and we continue to take our IT security very, very seriously,’ he said in response to a shareholder’s question at the company’s annual general meeting on Wednesday.
‘We believe that our processes were robust, although clearly not robust enough in this circumstance. And we will seek to learn from that once we have completed this review.’
Prime Minister Anthony Albanese said he was ‘disgusted’ by the actions of the hackers.
‘But the fact is the nation where these attacks are coming from should also be held accountable for the… release of information, including the very private and personal information,’ he said on November 11.
‘I say to those people who are distressed by this disclosure: We stand with you at this time.’
The cyber attack has overshadowed the health insurer’s robust operating performance.
Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the information that had been leaked
Net resident policyholder numbers were up 14,500 as at November 12 and its non-resident business has seen customer growth of 14 per cent in the September quarter.
The company expected underlying net claims expense per resident policy unit to be steady at 2.3 per cent for the full year and Mr Koczkar said the business remained strongly capitalised.
Medibank bosses will still take home bonuses worth $7.3 million despite the massive data breach.
The clean up bill in the aftermath of the data breach was expected to cost between $35 million and $150 million, but executives would still keep their bonuses.
Mr Wilkins said executive pay would not be reviewed until next year, following the completion of an external review into the attack.
‘That’s something that we will take on board for the 2023 year once we have got the full results of the investigation,’ he said.
Mr Kockzar took home bonuses worth $1.1 million in the last financial year, with his total pay coming in at $2.59 million.
Discovered on: 2022-11-20 00:04:35
Source: Medibank Russian hackers release information of another 1,500 patients
