Hackers Threaten To Release Ransomed Health Data

Hackers claiming to have stolen reams of data from Medibank Private have threatened to sell confidential customer information, including sensitive health conditions and credit card details, unless the insurer pays it a ransom.

In a message obtained by this masthead, the hacking group claims to have stolen 200 gigabytes of sensitive information from Medibank, and threatens to contact its 1000 most prominent customers with their own personal information as a warning shot. This masthead was unable to verify the authenticity of the claims but in a response to questions on Wednesday afternoon, Medibank acknowledged it had received a threat and was taking it seriously.

The message to Medibank, obtained by The Sydney Morning Herald and The Age, makes a series of ultimatums in broken English.

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.”

Medibank, which has 3.9 million customers, first disclosed the hack last week and initially said there was no evidence any sensitive customer data had been accessed. The purported threat to release sensitive customer information, including health records, represents a significant escalation in the recent wave of cyberattacks against Australian companies.

Telco giant Optus was recently hit by the biggest cyberattack in Australian history, and a string of other companies have been affected by the issue in recent weeks, including wine retailer Vinomofo and Woolworths’ MyDeal website.

Hackers routinely demand ransoms for the return or deletion of stolen information but payment is no guarantee that they will follow through, given the criminal nature of their actions.

Trading in Medibank shares was halted on Wednesday but the company issued an update on the situation to the ASX after the market close confirming it had been approached by a group alleging to have stolen data and wanting to open negotiations.