Your private health information could be leaked! Medibank hit with major cyber security attack
- Replies 5
We all know that cybercrime is on the rise – but it’s still a huge shock whenever we hear about another big company being hit with a data breach.
The latest victim? Medibank, one of Australia’s largest private health insurers.
According to reports, hackers have taken credit for the company's cyberattack and have threatened to release private client data if their ransom demands are not satisfied.
While authorities have yet to verify the legitimacy of the cyber hacker's messages, the Sydney Morning Herald claimed that the hackers initially sought a $1 million bitcoin ransom but later increased it to $2 million after the payment did not go through
Additionally, the cybercriminals said that they were looking at retrieving data from 'persons of interest' whose information can then be used for scamming other people who weren’t directly impacted by the breach.
They wrote: 'We offer to start negotiations in another case we will start realising our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.'
Medibank said in a statement issued on Wednesday afternoon that it has spoken with a party that 'wishes to negotiate with the company regarding their alleged removal of customer data.'
It stated that the business was currently 'working urgently' to determine the legitimacy and veracity of the threat.
The statement read: 'Based on our ongoing forensic investigation, we are treating the matter seriously at this time.'
Cybersecurity Minister Clare O'Neil issued a warning in light of the escalating risks, predicting that the frequency of cyberattacks would certainly rise and recommending the installation of more systems to safeguard customers.
Speaking on ABC radio on Thursday morning, Ms O'Neil noted that regulatory changes had been made and pointed out that cybercrime was now the 'main crime concern internationally'.
One of Australia's major private health insurers was the target of a cyberattack, and the hackers who claimed responsibility have threatened to sell critical customer information. Credit: news.com.au.
She explained: 'This is the new world that we live in. We are going to be under relentless cyber-attack, essentially from here on in.'
'So I think combined with Optus, this is a huge wake-up call for the country. And certainly gives the government a really clear mandate to do some things that frankly, probably should have been done five years ago, but I think are still very crucially important.'
Ms O'Neil added that she had spoken with Medibank CEO David Koczkar on Wednesday, claiming that the Department of Home Affairs and the Australian Cyber Security Centre of the Australian Signals Directorate had also contributed significantly to resolving the issue.
She said: 'The incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety.'
Medibank would 'prioritise responding to this situation as transparently as possible,' according to Mr Koczkar.
Additionally, in response to the incident, the health insurer suspended trading of its shares on the ASX until further notice.
The Medibank CEO said: 'Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.'
'We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.'
Medibank first reported the 'cyber incident' on October 12, saying that the issue had affected its services. At the time, the business claimed that there was no proof that consumer data had been compromised.
A statement from the private health insurer read: 'At this stage there is no evidence that any sensitive data, including customer data, has been accessed.'
'As part of our response to this incident, Medibank will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.'
'As a result, our international student policy management systems have been taken offline. We expect these systems to be offline for most of the day.'
Medibank is the most recent business to experience cyberattacks that compromise critical client data. Other companies and organisations that have recently been targeted by data hacks include Telstra, Optus, the Woolworths Group subsidiary MyDeal.com.au, and online wine retailers Vinomofo, NAB, and Optus.
The world is changing and so is the landscape of crime. In the past, criminals would target physical objects like cash, jewellery, and electronics. However, in the digital age, criminals are increasingly targeting our personal data.
It seems like more businesses are becoming targets of cyber criminals to execute their large-scale data breach and identity theft scams. These businesses normally have a lot of financial and personal information on their customers which can be used for criminal activity.
Unfortunately, as customers, we cannot do much about these issues aside from calling on the companies and the government to do better in protecting our information. They need to have better cyber security in place and be more vigilant about possible cyber attacks.
Speaking of which, what are your thoughts on this cyber attack? Did you know about this breach or did you suspect something was going on? Let us know your thoughts in the comments below.
The latest victim? Medibank, one of Australia’s largest private health insurers.
According to reports, hackers have taken credit for the company's cyberattack and have threatened to release private client data if their ransom demands are not satisfied.
While authorities have yet to verify the legitimacy of the cyber hacker's messages, the Sydney Morning Herald claimed that the hackers initially sought a $1 million bitcoin ransom but later increased it to $2 million after the payment did not go through
Additionally, the cybercriminals said that they were looking at retrieving data from 'persons of interest' whose information can then be used for scamming other people who weren’t directly impacted by the breach.
The insurance provider has purportedly received a ransom note from the hackers responsible for the Medibank cyberattack. Credit: NCA NewsWire/Paul Jeffers.
They wrote: 'We offer to start negotiations in another case we will start realising our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.'
Medibank said in a statement issued on Wednesday afternoon that it has spoken with a party that 'wishes to negotiate with the company regarding their alleged removal of customer data.'
It stated that the business was currently 'working urgently' to determine the legitimacy and veracity of the threat.
The statement read: 'Based on our ongoing forensic investigation, we are treating the matter seriously at this time.'
Cybersecurity Minister Clare O'Neil issued a warning in light of the escalating risks, predicting that the frequency of cyberattacks would certainly rise and recommending the installation of more systems to safeguard customers.
Speaking on ABC radio on Thursday morning, Ms O'Neil noted that regulatory changes had been made and pointed out that cybercrime was now the 'main crime concern internationally'.
One of Australia's major private health insurers was the target of a cyberattack, and the hackers who claimed responsibility have threatened to sell critical customer information. Credit: news.com.au.
She explained: 'This is the new world that we live in. We are going to be under relentless cyber-attack, essentially from here on in.'
'So I think combined with Optus, this is a huge wake-up call for the country. And certainly gives the government a really clear mandate to do some things that frankly, probably should have been done five years ago, but I think are still very crucially important.'
Ms O'Neil added that she had spoken with Medibank CEO David Koczkar on Wednesday, claiming that the Department of Home Affairs and the Australian Cyber Security Centre of the Australian Signals Directorate had also contributed significantly to resolving the issue.
She said: 'The incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety.'
Medibank would 'prioritise responding to this situation as transparently as possible,' according to Mr Koczkar.
Additionally, in response to the incident, the health insurer suspended trading of its shares on the ASX until further notice.
The Medibank CEO said: 'Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.'
'We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.'
Medibank first reported the 'cyber incident' on October 12, saying that the issue had affected its services. At the time, the business claimed that there was no proof that consumer data had been compromised.
A statement from the private health insurer read: 'At this stage there is no evidence that any sensitive data, including customer data, has been accessed.'
'As part of our response to this incident, Medibank will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.'
'As a result, our international student policy management systems have been taken offline. We expect these systems to be offline for most of the day.'
Medibank is the most recent business to experience cyberattacks that compromise critical client data. Other companies and organisations that have recently been targeted by data hacks include Telstra, Optus, the Woolworths Group subsidiary MyDeal.com.au, and online wine retailers Vinomofo, NAB, and Optus.
It seems like more businesses are becoming targets of cyber criminals to execute their large-scale data breach and identity theft scams. These businesses normally have a lot of financial and personal information on their customers which can be used for criminal activity.
Unfortunately, as customers, we cannot do much about these issues aside from calling on the companies and the government to do better in protecting our information. They need to have better cyber security in place and be more vigilant about possible cyber attacks.
Speaking of which, what are your thoughts on this cyber attack? Did you know about this breach or did you suspect something was going on? Let us know your thoughts in the comments below.
.png){kind=icon}
