Russian hackers, who are said to be at the center of a massive hack of Australia’s largest health insurer Medibank, continue to threaten to leak personal health data belonging to Australian customers on the dark web.
Medibank refused to pay the ransom demanded by the hackers, fearing that doing so would encourage further hacking. It would also go against Australian government policy on the threat of online crime, Home Secretary Claire O’Neill confirmed.
In response, the hackers first posted a Super Mario meme to taunt Medibank, followed by posting names, addresses, dates of birth, and other Medicare data such as gender and internal code. info) on the “naughty” list.
Medibank has confirmed that its entire database containing 9.7 million customers was affected by the hack. Of these, 5.1 million are Medibank customers, 2.8 million belong to his AHM (Health Insurance Branch) and finally his 1.8 million are overseas customers.
The hackers say more information will be released, possibly prioritizing Australian celebrities, but “we need more time” because the data is clumsy in the original tabular-based format.
Originally, it was reported that some health information had been removed, but it’s not yet clear to what extent that happened.
The hackers have proven themselves to be “eloquent,” saying, “We will continue to post partial data. We need time to clean it up.”
Hacking is a serious criminal problem, and ransomware groups will no doubt continue to leak information online in hopes of getting paid.
Revealing addresses and phone numbers is not only an invasion of privacy, it’s also extremely dangerous for vulnerable people to stay away from abusive partners and pose a safety risk to celebrities.
Stuck between rocks and hard places
The only thing Medibank could do was apologize.
“We knew criminals could expose data online, but the threat of criminals is still a disastrous development for our customers. Phone numbers from screenshotted text messages with hackers.
Speaking to the Australian newspaper afterwards, Kozker added: And the reality of that advice is that there is a slim chance of paying the ransom (which can be called extortion) and a very low chance of them returning customer data. I can not do it. ”
The Minister of Home Affairs supports Medibank and its decision.
“The fact that personal health information is hidden above their heads is just disgusting to me. Just a disgraceful human being and shows that we need to step up and do everything we can to fight them,” said Minister Claire O’Neill.
“They are despicable, scammers, criminals and should not be ransomed,” added Assistant Treasurer Stephen Jones. “We shouldn’t give in to these crooks. The moment we fold, bastards like them all over the world are given the green light that Australia is soft his target. We will not give in.” I can’t, and I won’t give in.”
A move to accelerate the rollout of state-sponsored digital identities
This kind of cyber hacking is nothing new. In recent years, medical information has become a prime target for attacks. There is no doubt that governments and businesses care about public health.
There are concerns that hacks like those at Medibank and telecommunications giant Optus will be used by governments as a pretext for competition over global digital identity policies.
Domestically, the Australian version is called the “Trusted Digital Identity Bill” and encourages large-scale collation and sharing of data. It is the first to combine social, health, banking, business and telecommunications data under one government roof.
Evidence that this is happening continues to mount after the first Optus attack (under criminal investigation by the Australian Federal Police and the FBI in the United States). Australian Financial Review “The Optus debacle should start a federal digital ID scheme,” it wrote, making governments responsible for creating a unified digital profile for all Australians.
If things go on like this, the next time the government is hacked, thieves will have not just names and addresses, but full human profiles and security passes.
Will digital identities solve the corporate hacking problem?
That is also unlikely, given that companies need to keep localized data stored in their systems in order to operate. We must retain your name, address and phone number even when we send you an invoice.
“Australian government is focusing on cybersecurity and ransomware after a decade wasted on digital transformation,” said Home Secretary O’Neill.
One of the only things protecting governments from equally serious cyber hacks is archaic, irrelevant and anonymized data. It’s so old and clunky that hackers often leave with meaningless dust instead of data.
A brand new, easy-to-read, collated digital goldmine of digital ID programs will change that.
Following the hack, Medibank’s stock price plummeted and a class action lawsuit was filed against the company.
There is growing evidence that the hackers are Russian and may be linked to groups that previously disbanded due to a crackdown by Russian authorities.
Given the state of geopolitics, where many Western nations are involved in proxy wars with Russia via Ukraine, it is now a distant hope to bring hackers to justice if they are based abroad. It seems that.
As for our customers, we have some tough decisions to make to keep them safe.
Views expressed in this article are those of the author and do not necessarily reflect those of The Epoch Times.