Hackers threaten to release data, Medibank refuses to pay ransom
Share
Medibank hackers have threatened to release over 9.7 million customer data in 24 hours as the health insurer announced that they will not pay for the ransom demand.
The ransomware group announced its intention to release its victims’ personal data on its darkweb blog early this week. However, the post did not include data samples to back up its threat.
“This is horrendous, but not unsurprising if you look at ransomware like a business,” cyber security expert Troy Hunt said on Twitter.
“If they don’t dump the data publicly, what message does that send to future ‘customers’?”
Medibank has confirmed almost 500,000 health claims were accessed and the personal details of former and current customers were exposed when an unnamed group hacked into its system weeks ago.
The health insurer’s CEO David Koczkar said paying a ransom could make Australia “a bigger target” for data thefts by giving criminals an incentive.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” he said.
CEO Koczkar said that Medibank will be commissioning an external review to ensure that it can learn from this event while strengthening its ability to safeguard its customers.
“We take seriously our responsibility to safeguard our customers. The weaponisation of their private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community,” he said.
“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures.”
Medibank’s decision to not pay for the ransom is consistent with the position of the federal government, with Minister for Home Affairs Clare O’Neil stating that it was in line with government advice.
Meanwhile, two law firms, including one behind a successful case involving an Ambulance NSW data breach, say they believe Medibank betrayed customers and breached the Privacy Act by not stopping the hack.
“Medibank has a duty to keep this kind of information confidential,” Bannister Law and Centennial Law said in a statement.
“This latest data breach exposes the lack of safeguards in place to prevent such personal and private information being released to wrongdoers and Medibank & ahm have failed policyholders in these circumstances.”
The law firms will investigate the terms of the contracts the medical insurance provided to customers and whether damages are appropriate.
With AAP
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber attack cybersecurity cyber security data data breach data management defence Digital employment enhance enhances fraud funding governance government grants Healthcare infrastructure Innovation Lockdown management new zealand NSW NZ online privacy public Public Sector queensland renewable energy scams security Social Media Technology telecommunications victoria
Last Viewed
Australia & NZ privacy watchdogs investigate Latitude Financial
Australian Government releases country’s first Data Strategy
Government’s looming record-keeping crisis
Australia’s first Online Safety Youth Advisory Council established
Crucial Connections