Cyber-extortionist leaks Australians’ medical records online
Al JazeeraMAR 10 2023
The cybercriminal or criminal organization that stole sensitive records from one of Australia's largest healthcare companies demanded on Thursday roughly $10M to stop leaking the data, as they uploaded even more confidential details about customers.
Early Thursday, the hacker published a message on the dark web asking Medibank to pay $1 for each of the 9.7M customer files that were stolen in last month's data breach.
This comes as they uploaded a second batch of files to a dark web forum with more sensitive details about hundreds of Medibank customers, who they've divided into "naughty" and "nice" lists, with the "naughty" label apparently pertaining to those who received treatment related to drug abuse, and sexually transmitted infections. On Thursday, one more file about abortions was added.
Unfortunately, this is the new world that we live in. The Medibank breach is a huge wake-up call that shows the need for an overhaul of information and privacy protection. From here on in, companies must be aware that they're under relentless cyber-attack. Australia's institutions are generally well prepared but can do even more to safeguard classified information.
Cybersecurity isn't taken seriously enough in either the public or private sector. Most business leaders believe that their enterprises are safe from harm, but the truth is far less comforting. In a 2021 study, a staggering 63% of businesses said they had experienced a cyberattack. The hidden cost isn't the value of the stolen information but losing the customer's trust — and the impact that may have on the attacked company's share value.