Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed

On Monday, Medibank, Australia’s largest health insurer, announced that it will not pay a ransom to the criminal behind the recent data theft, which exposed the personal information of around 9.7 million current and former customers.

“This figure represents around 5.1 million Medibank customers, around 2.8 million AHM customers, and around 1.8 million international customers,” Medibank stated.

The company says it detected unusual activity on its IT network on October 12 that was “consistent with the precursors of a ransomware event.” It isolated the affected systems, but not before the attacker had already exfiltrated the data.

Based on its own analysis and advice from cybercrime specialists, Medibank concluded that there is only a limited chance the criminal would protect or return the stolen data even if a ransom were paid.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” Medibank CEO David Koczkar said in a statement Monday.

Last month, Medibank disclosed that the attacker had gained access to customer data using stolen privileged credentials. The latest investigation puts the number of affected people at about 9.7 million, including 2.8 million AHM policyholders and 1.8 million international customers.

The compromised personal information includes names, dates of birth, addresses, phone numbers and email addresses; Medicare numbers (without expiry dates) for AHM customers; and passport numbers (without expiry dates) and visa details for international students.

Health claims data for around 160,000 Medibank customers, approximately 300,000 AHM customers, and approximately 20,000 international customers was also stolen, the company added.

“Given the nature of this crime, unfortunately, we now believe that all of the customer data accessed could have been taken by the criminal,” the company said, warning customers to be on the lookout for any possible leaks.

Medibank says that no financial data or identity documents such as driver’s licenses were compromised, and that it has seen no further suspicious activity on its network since October 12, 2022.

Koczkar said Medibank will commission an external review of the incident and share its findings publicly.

Rohit Dhamankar, Fortra’s vice president of threat intelligence and product strategy, voiced “wholehearted” support for Medibank’s decision not to pay the ransom and called for a coordinated community response to data breaches.

Medibank said it is required by law to retain customer records for at least seven years after a customer leaves. Koczkar told the Guardian that “there needs to be consultation and discussion” within the Australian government about whether that retention requirement should change.

The Medibank incident is the latest in a run of attacks on corporate Australia in recent weeks: telecom giant Optus confirmed a breach affecting up to 10 million customer accounts, and Telstra disclosed a compromise at a third-party supplier.


5 thoughts on “Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed”

  1. Reading your article helped me a lot and I agree with you. But I still have some doubts, can you clarify for me? I’ll keep an eye out for your answers.

  2. Your article gave me a lot of inspiration, I hope you can explain your point of view in more detail, because I have some doubts, thank you.
