Five stolen data sets from the private health insurer Medibank, including information on mental health treatment, have been made public by Russian cybercriminals. Medibank’s infrastructure was breached last month as we have reported.
Last Sunday, David Koczkar, the company’s chief executive, revealed that the hackers who last month used ransomware to steal the data of millions of present and past clients had made the information available on the dark web.
It happens after the business declined to hand up the US$10 million demanded by the hackers, who the Australian federal police believe to be Russian cyberterrorists.
Four folders containing roughly 1,500 patient records from the data were made available.
In a statement, Medibank acknowledged that the data included includes patient information for those with cancer, dementia, mental health issues, infections, and chronic diseases like heart disease.
According to the firm, “Some of the persons on the list have been diagnosed with mental diseases, or delirium, which is an immediate change in mental status that can be brought on by sickness, injury, surgery, or medications.”
Delirium is a brief syndrome that is frequently seen in hospitals, especially in elderly patients who become disoriented to their surroundings.
Koczkar said in a statement that the organization was still determining the veracity of the most recent data leak, which included around 1,500 patient files. The corporation said that 123 of the documents had already been made available in data releases in the past.
He said that the company’s records and some previously released data did not match up, and a study of the most recent patient records by the company revealed that many of the patient records did not fit the descriptions provided by the hackers.
Through our Cyber Response Support Program, we will keep helping everyone who has been affected by this crime. Support for mental health and wellbeing, identity protection, and measures for dealing with financial difficulty are included,” Koczkar said.
“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data. We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.
“Again, I unreservedly apologise to our customers. We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.”