World NewsAustralia News

Medibank Refuses To Pay Hackers Ransom

Save
Medibank Refuses To Pay Hackers Ransom
A woman walks past a ‘medibank’ shopfront in Canberra, Australia, on Oct. 20, 2022. (AAP Image/Lukas Coch)
11/6/2022
Updated:
11/7/2022

Australia’s largest health insurer Medibank has announced it will not give in to a cyber hackers ransom demands after at least 9.7 million of its customers had data, including full names, birth dates, phone numbers, medicare numbers, and addresses, accessed in a cyberattack in October.

“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published," Medibank CEO David Koczkar told Medibank customers on Monday.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

“It is for these reasons we have decided we will not pay a ransom for this event,” he said.

The company said the decision was also consistent with the advice from the Australian government.

Customers are also warned that the data accessed could be published online or used to contact customers directly.

“We take seriously our responsibility to safeguard our customers. The weaponisation of their private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community,” Koczkar said.

“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and well-being support, identity protection, and financial hardship measures.”

Hack Now Encompasses Around 9.7 Million People

Currently, the company has warned customers that the hackers accessed the name, dates of birth, addresses, medicare numbers, phone numbers and email addresses of around 9.7 million current and former customers, including around 5.1 million Medibank customers, 2.8 million ahm health insurance customers, and 1.8 million international customers.

Australian health claim data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers, including service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered, was also breached.

However, credit card and banking details, as well as data on health claims for dental, physiotherapy, optical and psychology, were not breached, the company said.

The Australian government has activated the country’s emergency mechanism, the National Coordination Mechanism, to help deal with the hack.

Originally designed to deal with the pandemic, the mechanism allows the government to bring together agencies across the Australian government, states and territories, and the private sector to help coordinate responses to crises.

Additionally, the government has responded to the increasing cyberattacks by introducing an amendment to the Privacy Bill on Oct. 26.

The amendment will significantly increase penalties to organisations for serious or repeated privacy breaches, a move the Labor government hopes can compel businesses to do more on cybersecurity.

It will also strengthen the Notifiable Data Breaches scheme to ensure the Information Commissioner has knowledge of an incident and the data compromised.

“These amendments are targeted and measured,” Attorney General Richard Dreyfuss said. “They respond to the most pressing issues arising from the Optus data breach and other recent cyber incidents.”

SHARE THIS ARTICLE
Victoria Kelly-Clark
Author
Victoria Kelly-Clark is an Australian based reporter who focuses on national politics and the geopolitical environment in the Asia-pacific region, the Middle East and Central Asia.
twitter
Related Topics