DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Health insurer Medibank enters trading halt after cyberattack, says it received communication from alleged hackers (UPDATED)

Posted on October 19, 2022 by Dissent

Nino Bucci reports:

Private health insurer Medibank has entered a trading halt after telling customers it had received messages from a group claiming to have accessed the data of its customers in a cyber-attack.

In a statement to the Australian stock exchange on Wednesday, the company said it had received messages from a group that wished to negotiate regarding the alleged removal of customer data.

Read more at The Guardian.

In related news, The Sydney Morning Herald quoted a passage from what is described as the ransom note, although the group sending the note was not named:

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.

Although Medibank is investigating the claims, there’s nothing in their latest update that says that the health insurer would pay or even negotiate with the threat actors if the claims of acquiring personal and sensitive information are confirmed. Some others appear to be interpreting their statement as indicating that they are negotiating (see, for example, IT Pro’s headline “Medibank begins negotiations with hackers who claim to have stolen data in last week’s cyber attack”). DataBreaches has sent an inquiry to Medibank’s media communications team to request clarification, but no reply was immediately received. This post will be updated when a response is received, or Medibank issues further clarification.

Medibank’s update states that the attack did not involve locking Medibank’s files, so the most compelling motivation for Medibank to pay would be to protect sensitive information on plan members.

Update:

In a statement sent to DataBreaches, Medibank provided details about communications from the threat actors, stating that they have been contacted by a criminal claiming to have stolen 200GB of data.

  • The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems.
  • That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.
  • This claims data includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.
  • The criminal claims to have stolen other information, including data related to credit card security, which has not yet been verified by our investigations.

In terms of what Medibank is currently doing, they write:

Medibank teams continue to work around the clock to understand what additional customer data has been affected, and how this will impact them.

This morning we will commence making direct contact with the affected customers to inform them of this latest development, and to provide support and guidance on what to do next.

We expect the number of affected customers to grow as the incident continues.

We will continue to contact affected customers.

Medibank urges our customers to remain vigilant, and encourages them to seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au

If they expect the number of affected customers to grow, it does not sound like they expect to reach a deal with the criminal, but DataBreaches notes that they did not directly answer the question DataBreaches had put to them about whether there were any negotiations.

For customer support, they offer the following:

To reduce wait times for our customers, we have redeployed our people to support new cyber response hotlines in our call centres.

Medibank and ahm customers can contact us by phone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or visit the information page on the website for any updates.

Our customers can also speak to Medibank’s experienced and qualified mental health professionals 24/7 over the phone to discuss any mental health questions or issues.

Medibank is in discussions with government stakeholders about what else we can do to assist our customers in safeguarding their identities and health information, and we will be in touch with customers about those steps directly.

Category: Health DataMalwareNon-U.S.

Post navigation

← In Germany, ransomware attack halts circulation of some newspapers; country’s cybersecurity chief fired over possible ties to Russian intelligence
Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.