Australian Federal Police are set to reveal details of the Medibank hacker who continues to leak sensitive information about the health insurance giant’s customers.
On Friday, Prime Minister Anthony Albanese authorized law enforcement to disclose who is behind the attack and the country it originated from.
“I am disgusted by the perpetrators of this criminal act and I certainly authorized the AFP commissioner later today to reveal the origin of these attacks,” he told reporters after attending the a Remembrance Day ceremony in Sydney.
“We know where they are coming from, we know who is responsible and we say they must be held to account.”
Deliver more Australian news with Flash. More than 25 news channels in one place. New to Flash? Try 1 month free. Offer ends October 31, 2023
Hackers released more personal information on Friday, this time sensitive data related to customers’ mental health status and alcohol abuse.
Around 241 private medical details were posted to an online ransomware forum on Friday, marking the hackers’ third release in three days.
The data included in the latest leak contains information related to mental health and alcohol issues, including a particular medical diagnosis, as well as specific hospitals and medical clinics that patients have access to.
This follows the release of sensitive information on Thursday, which included names, addresses and medical procedures relating to pregnancy terminations.
“You say it’s disgusting (woof-woof) that we released data,” the alleged hackers wrote, appearing to allude to a warning from federal cybersecurity minister Clare O’Neil, who had previously called the hack an “act of dog”. .
“But we warned you, we will always keep our word.”
“If we don’t get a ransom, we should publish this data, because no one will believe us in the future. The same goes for our words, regarding the fact that we would not publish any data in the future, if we received a ransom payment.
Earlier in the morning, Mr Albanese said the hackers’ actions were “totally reprehensible” and had caused “incredible distress” to the community.
“The fact that information has been released regarding very personal details about the health of Australian citizens is disgusting, and something that I think is just totally reprehensible,” he told ABC Radio ahead of his tour. nine days in Asia for crucial meetings.
“The government recognizes this and we are doing everything we can to limit its impact and provide this support to people going through this difficult time.”
Medibank confirmed that its entire system was accessed by foreign cybercriminals on October 3, including nearly 500,000 health claims and the personal data of approximately 9.7 million current Medibank and ahm, as well as d old customers.
The group behind the alleged hack demanded a $10 million ($15.1 million) ransom from Medibank to prevent information from leaking onto the dark web.
Medibank took government advice and refused to pay the ransom, but chief executive David Koczkar warned on Friday that hackers will continue to leak customer data every day.
“The relentless nature of this tactic employed by the criminal is designed to cause distress and harm,” he said in a statement.
“These are real people behind this data and the misuse of their data is deplorable and can discourage them from seeking treatment.
“It is obvious that the criminal benefits from notoriety. Our sole focus is the health, well-being and care of our customers.
Trevor Long, technical expert and editor of EFTM, told Sky News Australia that the hackers could persist until the ransom is paid by the health insurance provider or a criminal group.
“It’s going to be a daily feed from this hacker until someone, whether it’s another criminal or another company, pays him money to not just shut him up, but to get the data,” he said on Friday.
“So it’s likely to be another criminal enterprise that realizes the value of that data and pays for it.”
“I’m not sure this hacker can continue for weeks because sooner or later they will realize that the ransom will not be paid.”
Medibank agreed to establish a “one-stop shop” offering mental health support and other services to customers affected by the data breach.