[Sean Camara]

Ransom negotiations ramp up as Medibank hackers start releasing stolen data on the dark web​

In light of the increasing number of cybercrime cases, we here at the SDC are dedicated to keeping you up to date with the most important and impactful cases as they happen.

It is with regret that we have to report a sinister update on the recent cyberattacks on Medibank, Australia's largest health insurer.

A group of hackers hijacked the system of the insurance company, leading to the names and addresses of thousands of its customers (past and present) being compromised.

The cybercriminals stole customer data, which include names, addresses, birthdates, and Medicare details, of almost nine million Medibank members.

Additionally, the hackers started posting the information of hundreds of individuals to the dark web on Wednesday, November 9.

The hackers, who go by the name 'BlogXX' or 'REvil', also threatened to release more data from millions of Australian Medibank customers, including Aussie celebrities, unless the company pays a ransom

'Looking back that data is stored in not very understandable format (table dumps) we'll take some time to sort it out,' the cybercriminals said.

'We'll continue posting data partially, need some time to do it pretty.'

An alleged message from Medibank to the hackers who stole company data. Credit: Daily Mail.

Meanwhile, Medibank allegedly responded to the requests of the cybercriminals as shown in the screenshots made public by the hackers.

The alleged response from the health insurer read: 'Hello. We received your message. We want to talk with you, but need to be sure you're the person who says they have our data.'

'Can you tell us all the addresses and phone numbers you sent messages to?'

The hackers then replied with: 'OK, we wait.'

More screenshots showed that the alleged Medibank account later responded: 'After considering all options, we have made a decision that we cannot pay your demand.'

'It is also Australian government policy that ransoms should not be paid. We understand the impact this may have.'

Pictured is Medibank's alleged reply to the hackers, claiming that they would not pay the ransom. Credit: Daily Mail.

Trevor Long, a tech specialist and editor of EFTM.com, claimed that early on Wednesday morning, a sample of data was made available on the dark web.

He explained: 'The bottom line is the hacker community, the scammer community, have this information now and that's the risk to us - individuals getting asked to pay ransoms to prevent their own information being handed over to friends, family or employers.'

In a prior statement, Medibank acknowledged that when the unidentified group broke into its system a few weeks ago, details from nearly 500,000 health claims as well as personal data, were taken.

The health insurer confirmed that no banking nor credit card information was accessed.

The ransomware hackers announced on Tuesday that the 'data will be publish (sic) in 24 hours'.

'P.S. I recommend to sell (sic) medibank stocks.'

Medibank once more expressed its sincere apologies to all of its clients, cautioning them to be on the lookout for any phone, postal, or email phishing scams.

CEO David Koczkar said on Tuesday: 'We knew the publication of data online by the criminal could be a possibility but the criminals' threat is still a distressing development for our customers.'

He expressed his 'devastation' for the clients, who 'deserve privacy', but warned that if Medibank bowed to the thieves' demands, Australia would become a target for more such attacks.

'This is a significant decision for the business and we've had extensive expert advice and the reality of that advice is that there was a small chance that paying a ransom – you can call it extortion – that it was very unlikely they may return customer data,' he added.

'In fact, you just can't trust a criminal.'

Mr Koczkar said that the company is firm on not paying ransom to the hackers because it is 'consistent with the government policy on paying ransoms'.

Key Takeaways

• Hackers have posted customer data from Medibank on the dark web, including names, addresses, birthdates and Medicare details.
• The hackers have also released screenshots of their contacts with Medibank, in which they demanded a ransom to stop them from releasing the data.
• Medibank has refused to pay the ransom, saying that it would encourage further crime.
• The hackers have warned that they will release even more data if they are not paid.
• Medibank advised customers to be on alert for any potential scams.

Unfortunately, there’s no easy fix to the cyber-war that’s getting worse and worse by the day.

And while it is unfortunate that we, as consumers, cannot do anything about this breach, the only thing we can do is be weary of the threats that may endanger our welfare.

If you are or were a member of Medicare, please be extra cautious with your transactions, especially phone calls and emails from people you're not familiar with.

For more information on how you can protect yourself from cybersecurity threats, we recommend checking out this article.

Stay safe out there, members!

 

[Suzanne rose]

I've received an email from both Medibank and AHM I was with medibank until I moved across to AHM 5 years ago
Ahm and medibank are connected.

What I'm wondering is what can they do with my info, they are saying they don't have bank details , the main thing is that they can see our medical records
They also have Medicare numbers but not expiry dates, they have date of birth and address.
To take out loans you need alot of details and identification including photo I'd

So is the main problem people getting black mailed due to procedures or will we be receiving more scam emails and calls I'm angry because these companies that want our information need to guarantee our safety.

The government needs to make a card say a red card a green card ect certain colours for the amount of I'd given to them , services Australia could easily do this.
That way, only one place has our information but they give us photo cards to use to prove our identification without giving all our I'd out to anyone else

 

[Charlie52]

This is of course, the problem with technology. The world was a simpler and safer place without it!

 

[Ricci]

Luckily for me I am not and have never been a member of Medibank. I would be ropeable if I thought my personal information had been lost to scammers. These Companies insist on having our personal details, why? Surely they have everything they need in either our driving licence or medicare number.

 

[Jennylolo]

why bare there old records for non current members? These should be deleted when a change is made. Why are they still available. Would make some difference for some individuals at least. The more is online the greater the chance of this happening. Why haven't these companies got the programs to protect against the dark web?

 

[Gsr]

Well I got the trifecta, Optus, Medibank and my deal. I was also briefly with AHM. After Optus I started getting emails that to me are scams, which I am still receiving and I delete them as soon as I see them. After my deal my account was hacked, but as I only use it for online shopping and transfer money as I use it there is only ever $20/30 in that account. I never save my account details to online sites but when I checked my deal there they were in an encrypted form, but someone must have accessed them. I deleted them and contacted my deal but have had no response. Strangely the money was refunded to my account the next day. I have since closed that account. Now I am waiting to see if there is any fallout from the Medibank data breach. Obviously criminals are outsmarting big business which is an ongoing concern for everybody whose data is stored on any company website. I wonder which company will be next.

 

[Tipsy]

Ransom negotiations ramp up as Medibank hackers start releasing stolen data on the dark web​

In light of the increasing number of cybercrime cases, we here at the SDC are dedicated to keeping you up to date with the most important and impactful cases as they happen.

It is with regret that we have to report a sinister update on the recent cyberattacks on Medibank, Australia's largest health insurer.

A group of hackers hijacked the system of the insurance company, leading to the names and addresses of thousands of its customers (past and present) being compromised.

The cybercriminals stole customer data, which include names, addresses, birthdates, and Medicare details, of almost nine million Medibank members.

Additionally, the hackers started posting the information of hundreds of individuals to the dark web on Wednesday, November 9.

The hackers, who go by the name 'BlogXX' or 'REvil', also threatened to release more data from millions of Australian Medibank customers, including Aussie celebrities, unless the company pays a ransom

'Looking back that data is stored in not very understandable format (table dumps) we'll take some time to sort it out,' the cybercriminals said.

'We'll continue posting data partially, need some time to do it pretty.'

An alleged message from Medibank to the hackers who stole company data. Credit: Daily Mail.

Meanwhile, Medibank allegedly responded to the requests of the cybercriminals as shown in the screenshots made public by the hackers.

The alleged response from the health insurer read: 'Hello. We received your message. We want to talk with you, but need to be sure you're the person who says they have our data.'

'Can you tell us all the addresses and phone numbers you sent messages to?'

The hackers then replied with: 'OK, we wait.'

More screenshots showed that the alleged Medibank account later responded: 'After considering all options, we have made a decision that we cannot pay your demand.'

'It is also Australian government policy that ransoms should not be paid. We understand the impact this may have.'

Pictured is Medibank's alleged reply to the hackers, claiming that they would not pay the ransom. Credit: Daily Mail.

Trevor Long, a tech specialist and editor of EFTM.com, claimed that early on Wednesday morning, a sample of data was made available on the dark web.

He explained: 'The bottom line is the hacker community, the scammer community, have this information now and that's the risk to us - individuals getting asked to pay ransoms to prevent their own information being handed over to friends, family or employers.'

In a prior statement, Medibank acknowledged that when the unidentified group broke into its system a few weeks ago, details from nearly 500,000 health claims as well as personal data, were taken.

The health insurer confirmed that no banking nor credit card information was accessed.

The ransomware hackers announced on Tuesday that the 'data will be publish (sic) in 24 hours'.

'P.S. I recommend to sell (sic) medibank stocks.'

Medibank once more expressed its sincere apologies to all of its clients, cautioning them to be on the lookout for any phone, postal, or email phishing scams.

CEO David Koczkar said on Tuesday: 'We knew the publication of data online by the criminal could be a possibility but the criminals' threat is still a distressing development for our customers.'

He expressed his 'devastation' for the clients, who 'deserve privacy', but warned that if Medibank bowed to the thieves' demands, Australia would become a target for more such attacks.

'This is a significant decision for the business and we've had extensive expert advice and the reality of that advice is that there was a small chance that paying a ransom – you can call it extortion – that it was very unlikely they may return customer data,' he added.

'In fact, you just can't trust a criminal.'

Mr Koczkar said that the company is firm on not paying ransom to the hackers because it is 'consistent with the government policy on paying ransoms'.

Key Takeaways

• Hackers have posted customer data from Medibank on the dark web, including names, addresses, birthdates and Medicare details.
• The hackers have also released screenshots of their contacts with Medibank, in which they demanded a ransom to stop them from releasing the data.
• Medibank has refused to pay the ransom, saying that it would encourage further crime.
• The hackers have warned that they will release even more data if they are not paid.
• Medibank advised customers to be on alert for any potential scams.

Unfortunately, there’s no easy fix to the cyber-war that’s getting worse and worse by the day.

And while it is unfortunate that we, as consumers, cannot do anything about this breach, the only thing we can do is be weary of the threats that may endanger our welfare.

If you are or were a member of Medicare, please be extra cautious with your transactions, especially phone calls and emails from people you're not familiar with.

For more information on how you can protect yourself from cybersecurity threats, we recommend checking out this article.

Stay safe out there, members!

Thats correct, you can never trust a criminals... Thats why most of us dont trust ,Politicians, Car and insurance salespeople Big pharma and the Big Banks

 

[Suzanne rose]

Just received an email saying my information was stolen by the hackers
This was nearly like receiving my positive covid test results the first time

 

[Tipsy]

Just received an email saying my information was stolen by the hackers
This was nearly like receiving my positive covid test results the first time

View attachment 8811

If they can catch these gutless lowest of low life COWARDS, Dont throw the book at them just remove their ability to Breath. they deserve nothing less

 

[Suzanne rose]

If they can catch these gutless lowest of low life COWARDS, Dont throw the book at them just remove their ability to Breath. they deserve nothing less

I'm now with AHM and apparently they also hacked into that one as well. Medibank and AHM are connected

 

[Ricci]

I'm now with AHM and apparently they also hacked into that one as well. Medibank abd AHM are connected

Sorry to hear that, I hope you stay safe and these b***ards don't do anything awful with your information

 

[Suzanne rose]

Just received another email this ones from AHM.

Confirmation of data stolen in recent cybercrime
AI
ahm health insurance

To:
@hotmail.com
Sat 19/11/2022 1:58 PM

Can't read this email? View here

​ Dear Suzanne, Further to our previous communications, we’re deeply sorry to inform you that we now believe some health claims data relating to one or more members on your policy has been stolen in the recent cybercrime event. This is in addition to the stolen personal data outlined below. This email details what types of data we believe were stolen, outlines actions you can take to safeguard your online identity, and the support and services available to you. For your protection, we have not included specific details of your data in this email. Which of your data has been impacted Based on our investigation, we currently believe the following data relating to all the members on this policy has been stolen: first name and surname gender date of birth email address phone number (where you have provided it to us) Client ID Medicare number (but not expiry date) In addition, we currently believe that some health claims data has been stolen for one or more members of this policy. This may include the name of the service provider, where the member received certain medical services, codes associated with diagnoses and the procedures administered. We believe the criminal has notstolen: Credit card and banking details Primary identity documents, such as passport. ahm does not collect primary identity documents for resident customers except in exceptional circumstances Claims data for extras services (such as dental, physio, optical and psychology) Please be assured people cannot access your Medicare details with just your Medicare card number. If you’re concerned, you can replace your Medicare card using your Medicare online account through myGov, or via the Express Plus Medicare mobile app. Find out more at servicesaustralia.gov.au/medicarecard. Customer data on the dark web Some of the customer data that was stolen has now been released by the criminal on the ‘dark web’, and we expect that the criminal may continue to release more data over time. The dark web is a closed online network, often accessed for criminal purposes. We have been contacting customers directly whose health data we know has been released on the dark web. Regardless of what data is released on the dark web, we strongly advise all customers to take the precautions outlined below to safeguard their online identity. Actions you can take now There is no need for you to change your policy number or your payment details, however there are steps that you can take now to further protect your identity. 1. Further protect your identity We recommend being vigilant across all your online communications and transactions, and specifically: Update your ahm online member services password with a ‘strong’ password. Regularly updating your passwords across all your online services, not re-using passwords and activating multi-factor authentication on any online accounts, where available. Being alert for any phishing scams that may come to you by phone, post or email. Making sure to verify any communications you receive to ensure they are legitimate. Being careful when opening or responding to texts from unknown or suspicious numbers. Remember that ahm will never contact you asking for your password or sensitive information. 2. Use our Cyber Response Support Program We have established a Cyber Response Support Program to make it easier for you to take steps to protect yourself. The Program also provides access to additional support for those that require it, and that fit your personal circumstances: Customers are encouraged to take advantage of the specialist identity protection advice and resources available through IDCARE’s purpose-built page for Medibank and ahm customers. IDCARE is Australia’s national identity and cyber support community service, and can assist customers who have concerns about the exposure of their data. Through the IDCARE website, you can book a free consultation to review your personal circumstances to get advice on actions you can take to protect your identity. Medibank has established a cybercrime health & wellbeing line, providing access to counsellors who have been trained to support victims of crime and issues related to sensitive health information. To read more about this support line, please visit ahm.com.au/cyber-incident. Hardship support is available for customers who are in a uniquely vulnerable position as a result of this crime. Our contact centre team can direct you to the specialised support team. ahm is offering free identity monitoring services for customers whose primary identity document, such as passport, has been compromised as a result of this crime. Please speak to our contact centre team to understand how this applies to you. You can find further details of the Cyber Response Support Program, including instructions on how to access the Program, on the ahm Cyber Event Updates and Support page ahm.com.au/cyber-incident. Use this reference number 32556 to find helpful actions and support available to you.

 

[Ricci]

Sorry you got caught up in all this, hope it gets sorted soon.

I have my own hospital worries at the moment, one of my little dogs is in the Vet Hospital fighting for his life with a Paralysis tick bite.

 

[Suzanne rose]

Sorry you got caught up in all this, hope it gets sorted soon.

I have my own hospital worries at the moment, one of my little dogs is in the Vet Hospital fighting for his life with a Paralysis tick bite.

Oh Ricki I'm so sorry my prays are with you. I was only hearing on the TV the other day how bad the ticks are this year.
Hopefully your little one is a fighter and will get through this please keep us updated

 

[Ricci]

Oh Ricki I'm so sorry my prays are with you. I was only hearing on the TV the other day how bad the ticks are this year.
Hopefully your little one is a fighter and will get through this please keep us updated

I'm waiting to hear from the Vet. The tick bite was just over his larynx so it's mainly affected his throat. He's lost the ability to swallow, is making excessive amounts of saliva and it's just running out of him and he can't stand. He's had the Serum and is on a drip, but he's one very sick little dog. He's being monitored and will get oxygen if it gets worse.
I was a fortnight late with their medication, just completely forgot about it. My other little one is fine thank goodness.
The Vet told me that at the moment they have a total of 8 dogs in the hospital, all with the same thing. Not all will make it.
I've cancelled any thoughts of Christmas as this is going to cost thousands whatever the outcome, but what can you do?

 

[Suzanne rose]

I'm waiting to hear from the Vet. The tick bite was just over his larynx so it's mainly affected his throat. He's lost the ability to swallow, is making excessive amounts of saliva and it's just running out of him and he can't stand. He's had the Serum and is on a drip, but he's one very sick little dog. He's being monitored and will get oxygen if it gets worse.
I was a fortnight late with their medication, just completely forgot about it. My other little one is fine thank goodness.
The Vet told me that at the moment they have a total of 8 dogs in the hospital, all with the same thing. Not all will make it.
I've cancelled any thoughts of Christmas as this is going to cost thousands whatever the outcome, but what can you do?

How old is he ? My mother's dog was very sick a few months ago he couldn't eat and apparently it was something to do with his liver they told her he probably wasn't going to make it. They suspected it was through him eating something poisonous which mum thinks it was her neighbour who had threatened to do this. The Vet bill was huge but there is an association which helps pay the vet bill they covered 75% of the bill and mum paid the remainder which the Vet let her pay off. She is in Taree but I'm sure this association is in all areas of NSW they are very passionate with helping. I can get the info in a couple of hours when she wakes up

 

[Ricci]

How old is he ? My mother's dog was very sick a few months ago he couldn't eat and apparently it was something to do with his liver they told her he probably wasn't going to make it. The Vet bill was huge but there is an association which helps pay the vet bill they covered 75% of the bill and mum paid the remainder which the Vet let her pay off. She is in Taree but I'm sure this association is in all areas of NSW they are very passionate with helping. I can get the info in a couple of hours when she wakes up

Tommy is 10, he's only little, weighs 5kg, his sister is even smaller at 3kg. I rescued them both about 6 months ago. They did offer me Vetpay which allows you to pay it off over 12 months but there are quite high fees associated with it so I declined. Thanks for the offer, at this point I'd welcome any sort of help.

 

[Suzanne rose]

Tommy is 10, he's only little, weighs 5kg, his sister is even smaller at 3kg. I rescued them both about 6 months ago. They did offer me Vetpay which allows you to pay it off over 12 months but there are quite high fees associated with it so I declined. Thanks for the offer, at this point I'd welcome any sort of help.

I will call mum around 10. I'm sure there will be help for you as there was for mum . Her dog is old and has dingo in him . Due to his age I didn't think they would help but they did

 

[Ricci]

I will call mum around 10. I'm sure there will be help for you as there was for mum . Her dog is old and has dingo in him . Due to his age I didn't think they would help but they did

Good to hear your Mums dog recovered. I have just heard from the Vet, Tommy can stand by himself this morning and has been able to wee by himself so fingers crossed things are looking up. He still can't swallow so is a long way from being right but at the moment I'm hopeful. Unfortunately they lost one of the other dogs in the Hospital overnight so someone else is getting some sad news this morning.

 

[Suzanne rose]

That is really good news I'm sure he will recover now. Calling mum in a few minutes.

Did they give you any idea on Vet cost? What is now costing mum is for special vitamins he will need for the rest of his life , his name is Brutus