NCA NewsWire / Paul Jeffers

An extortionist has demanded millions of dollars to stop leaking Australians’ medical records in one of the country’s worst cyber attacks to date.

The hacker said in a message published on the dark web early on Thursday that they were seeking $10 million from Medibank, the biggest private health insurer in Australia, for each of the 9.7 million clients impacted by a significant data breach last month.

Similar data leaks and attacks have been a common occurrence in the past few months, and this one adds to a growing list of systems and institutions under attack.

A “naughty list” was leaked earlier this week with sensitive details of clients who underwent treatment for addiction, mental health difficulties, and HIV. The cybercriminal or criminal organization also revealed information presumably linking people to their abortions.

Local media have made connections between the criminal organization REvil and the dark web forum where the data was posted. According to Russian authorities, REvil was shut down earlier this year at the United States’ request.

On Thursday, Medibank CEO David Koczkar reiterated an apology to consumers and called the hacker’s acts “disgraceful.”

Paying the ransom would not guarantee the return of clients’ information and might put “more people in danger by making Australia a bigger target,” according to cyber security experts. As such, Medibank has refused to do so, citing advice from cybercrime specialists.

The Australian Federal Police, which is looking into the incident, has issued a warning that accessing or even merely downloading the material could constitute a crime.

“We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web… The weaponization of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.”

David Koczkar, CEO Medibank

According to Bloomberg Intelligence, if consumers decide to sue for damages after their personal medical information was posted to a forum on the dark web, the data breach at Medibank Private Ltd. might cost the Australian health insurer A$700 million ($450 million).

In a note published on Thursday, BI analyst Matt Ingram stated that “The award of customer damages is the key variable in the ultimate cost of Medibank’s data breach.” If 10% of the impacted consumers file a proposed class action lawsuit and receive the maximum A$20,000 in damages, the compensation bill may reach A$960 million, but BI’s base case is A$480 million, he said.

Additionally, the insurer may be subject to fines, and Ingram estimates that the $35 million charge Medibank has already raised would likely be more than doubled by the cost of rectifying the problem. These damages shouldn’t necessitate a capital raising, he said, even though they might deal a substantial hit to 2023 earnings.

This recent attack brings to light the critical issue of insecure digital infrastructure that gives hackers the room to hold states to ransom. Unless states cooperate to counteract these offenses, we could be looking at situations far worse in the near future.
