Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

News

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident.

The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was “consistent with the precursors to a ransomware event,” prompting it to isolate its systems, but not before the attackers exfiltrated the data.

“This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers,” Medibank noted.

Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers.

It further said the incident resulted in the theft of health claims data for about 160,000 Medibank customers, around 300,000 ahm customers, and around 20,000 international customers.

This category comprises service provider name, the locations where customers received certain medical services, and codes associated with diagnosis and procedures that were administered.

CyberSecurity

Medibank, however, said financial information and identity documents like drivers licenses have not been siphoned as part of the security breach and that no unusual activity was observed since October 12, 2022.

“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal,” the company said, urging customers to be on the alert for any potential leaks.

In a standalone investor statement, the company also said it will not make any ransom payment to the threat actor, stating doing so will only encourage the attacker to extort its customers and make Australia a bigger target.

Products You May Like

Articles You May Like

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
US Organizations Still Using Kaspersky Products Despite Ban
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Sophisticated TA397 Malware Targets Turkish Defense Sector
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Leave a Reply

Your email address will not be published. Required fields are marked *