Health insurer Medibank becomes the latest victim of cyberattack

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,624
Medibank, the health company providing private health insurance and health services to over 3.9 million people in Australia, has been hit by a cyberattack.

The incident came to light after the company reported that it had detected some unusual activity on its network, although it claims it has found no evidence of customer data access or data loss so far. However, Medibank has assured it is taking all necessary steps to cover for the impact the incident may have caused, and as a precautionary measure, the bank will remove access to some customer-facing systems to reduce the possibility of damage to systems or data loss.

Meanwhile, an information page has been put up on the Medibank website to provide the latest updates about the incident and help numbers have been issued to provide the latest updates about the incident. Medibank and ahm (Australian Health Management) customers who would like to have more information about the incident can contact via phone (1300 573 942 for ahm customers and 13 23 31 for Medibank customers).
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Australian health insurer Medibank has revealed it's been contacted by a group that claims to have its customers' data and is threatening to distribute it.
 

Gandalf_The_Grey

Ransomware gang threatens to release stolen Medibank data
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited.

Medibank is one of Australia's largest private health insurers, covering over 3.9 million people and having 4,000 employees.

While until now, the attack on Medibank hasn't yet been attributed to a specific ransomware group, the company did confirm that the malicious activity observed on its network matches ransomware activity.

The ransomware gang threatened today in a new entry added to its data leak website that it would leak data allegedly stolen from Medibank's systems within 24 hours.

The gang is yet to reveal how much data it exfiltrated out of Medibank's network and hasn't shared any proof to verify these claims.
 

Viking

Level 26
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,535

Medibank Confirms Data Stolen in Breach is Now Available Online


Medibank confirmed earlier today that the criminal behind a data breach that impacted roughly four million Australians has released files on a dark web forum.

According to a company blog post, the leaked data includes personal data like names, addresses, dates of birth, phone numbers, email addresses and Medicare numbers for ahm customers. Also included were passport numbers for international students and some health claim data.

“The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” wrote Emily Ritchie, the senior executive of external affairs at Medibank.

“We will continue to work around the clock to inform customers of what data we believe has been stolen and any of their data included in the files on the dark web and provide advice on what customers should do.”
Further, the executive said that Medibank is currently working with the Australian Government on this incident, which is also being investigated by the Australian Federal Police.

“Over the last 24 hours, we wrote to our customers to alert them to the threat from the criminal that they could begin releasing stolen Medibank customer data on the dark web and that the criminal could also attempt to contact customers directly,” Ritchie added.

Finally, the executive said Medibank expects the criminal to continue releasing files on the dark web.
The publishing of the data on the dark web was expected after Medibank refused to pay the attacker’s ransom demand earlier this week, according to Julia O’Toole, CEO of MyCena Security Solutions.

“However, this seems like a risk Medibank was willing to take, even though this could significantly compromise its customers. Whether this was a move to stand up against the attackers, it is customers who are now paying the price,” O’Toole told Infosecurity.

According to the security expert, the health information of 200 private citizens posted online is highly confidential and cannot be changed.

“Losing the privacy of such information is not only devastating, but victims must also be on the lookout for phishing scams coming not just through email, but also via the phone and post. Furthermore, the risk of identity theft has just skyrocketed for each of these people now,” O’Toole added.

She added that the Medibank data breach is only the latest in Australia and possibly not the last one.
“We may not have seen the end of this long chain of attacks that has rocked the country in recent months. Other countries should be warned this can become a template for other criminals to follow,” O’Toole concluded.

 

Viking


‘We know who you are’: Australian police say Russian cybercriminals behind Medibank hack


The Australian federal police say hackers in Russia are responsible for the Medibank data breach, with the commissioner stating “we know who you are”.

Reece Kershaw said on Friday that the AFP had identified the hackers while working with Interpol.

“Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world,” Kershaw said.

“These cybercriminals are operating like a business, with affiliates and associates who are supporting the business.”

The commissioner said some of those involved could be in countries other than Russia but the AFP would be talking with Russian law enforcement about the individuals it had identified.

Kershaw said Russia was accountable to Interpol, given it benefited from intelligence sharing. He said the AFP was also “scouring the internet and dark web” to find people seeking to profit from the Medibank hack.

“To the criminals – we know who you are and, moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” Kershaw said.

His statement confirmed what was already assumed about the hackers – that they were Russia-based and had been posting the data on a dark web forum linked to the REvil ransomware group.

 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
It seems Deutsche Bank was hacked and the same broker who handled access to Medibank's data is involved in this one (reportedly). Lawrence Abrams was tagged so one expects an update via Bleeping Computer later on.

 

plat


Medibank customer data related to claims for mental health treatment are the latest to be posted on the dark web by the Russian hacker group.

On Sunday night the group posted a file on its dark web blog labelled “psychos”, which contains hundreds of claims from policyholders that appear to be related to mental health treatment.

The group said “we always keep our word” and added they would not have posted the data if a ransom was paid.

“We never lies [sic] – it doesn’t make sense, if we lie to somebody – nobody will treat us as a serious business side [sic].”

Source

Edit: reading further along Mr. Hunt's thread, he does report that class-action lawsuits are currently being prepared against Medibank, who might have foreseen this since they apparently didn't pay the ransom.
 

Viking


Medibank hacker releases more private health information


The hacker, or hackers, behind the Medibank cyber attack have re-emerged after several days of online silence, releasing more private health information on the Dark Web.
Having released information last Monday and stating they would "hope something meaningful happens on Wednesday", an assumed reference to the Medibank AGM, the hacker this morning released their largest batch of data to date.
Up to 1496 records have been exposed across four separate files they released.

9News is choosing not to reveal the name of those files, or the health conditions they relate to, but can say that the conditions would fall into some of the most deeply personal areas of healthcare.
Today's release takes the total number to over 2700 records released, and while there are names repeated within the files, it's likely over 2500 Australians are affected by these leaks of stolen data.

 

Viking


Medibank hackers announce ‘case closed’ and dump huge data file on dark web


The size of the data file suggests it may be the full trove of hundreds of thousands of customers’ private records that were stolen from the health insurer.

A 5GB file has been posted on the dark web by cybercriminals behind the Medibank hack, with the size indicating it could contain the remainder of customer data.

The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of what customer data they took from the health insurer, stating it is “case closed” for the hack.

On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full. Case closed.” and included a file that has several compressed files amounting to over 5GB.

Guardian Australia has not verified the files, but the file size and the comments on Thursday indicate it could be the full amount of information the hackers took from the Australian health insurer.

The hackers had previously told Medibank in communications prior to the data dump that they were able to extract around 200GB of customer files compressed to 5GB.
The breach covers 9.7 million current and former customers, including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers.

The insurer says health claims for about 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers were accessed. The information exposed includes service provider names and codes associated with diagnosis and procedures.

There were also 5,200 My Home Hospital patients who had their personal and health data accessed, and 2,900 next of kin of these patients who had some contact details accessed.

 

upnorth

Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October.

The planned outage, dubbed Operation Safeguard, begins at 2030 Sydney time on Friday, December 9. The insurer said it expects all systems to be back online by Sunday "at the latest." Microsoft's response team will show up at the insurer's Melbourne headquarters to help with the security overhaul. "While there has been no further suspicious activity detected inside our systems since 12 October 2022, as part of the next stage of our work we are undertaking maintenance across some of our systems to further strengthen security," Medibank said in its most recent update.

The Oz outfit also added two-factor authentication in its contact centers, according to the alert.



What's wrong with this company??? It's December now and they were hit/attacked in October, and they still haven't done what most other companies/organizations would do. Yikes!
 
