While those of us who report on ransomware groups may not be sure whether to refer to the group responsible for a ransomware attack on Medibank as “REvil” or “BlogExx,” the more important story is that the hackers did start leaking data stolen from Medibank. The data, published on the dark web, included screencaps from what purports to be chats or negotiations between Medibank and the ransomware group. The last snippet is a Medibank representative seemingly stating that they will not be paying ransom. Medibank has not confirmed whether the snippets are accurate representations of any negotiations.
Of some concern, two files with health insurance claim information of named insured members appeared to have been sorted by the threat actors into files labeled “naughty” and “good.” Inspection of the files suggests that the sorting was based on the claims’ primary diagnoses. Claims where the primary diagnosis involved substance abuse disorder or another potentially stigmatizing condition were in the “naughty-list” file. Claims involving less stigmatizing but personal and sensitive primary diagnoses were in the “good-list” file.
Medibank continues to issue daily updates that attempt to alert their insured members about the troubling situation. Still, some members have undoubtedly been distressed to find that their sensitive information has been dumped for anyone and everyone to access.
Rod McGuirk reports:
Client data from Medibank, Australia’s largest health insurer, has been released by an extortionist, including details of HIV diagnoses and drug abuse treatments, after the company refused to pay a ransom for the personal records of almost 10 million current and former customers. The company says the material appears to be a sample of data that was stolen last month. Medibank expects the thief will continue releasing more data. Prime Minister Anthony Albanese is a Medibank customer and has had personal data stolen. He welcomed the company’s refusal to pay the hacker to have the records returned.
You can read more at The Public’s Radio.