Medibank cyber attack: Hacker threatens to leak 200GB of personal data including doctors visits

Disturbing details have emerged about the mysterious hacker who stole 200GB of confidential customer information from one of Australia’s largest health insurers, as experts warn the breach is “very serious”.

Medibank said it would work closely with the Australian Federal Police to investigate the cyber attack after the hackers responsible gained access to highly sensitive information, including doctor visits from customers.

In a statement on Thursday, the health insurer said the “criminal” had provided a sample of customer data from 100 policies believed to have come from Medibank’s AHM health insurance and international student systems.

The data includes first and last names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claim information.

The stolen information also displays the location where a customer received medical services and codes related to their diagnosis and procedures.

IT expert Paul Smith warned that the Medibank breach “has become very serious” after it was confirmed Thursday that the major data breach was real.

“Confirmation, the hacker’s details, are real and include where a customer received medical services, codes related to diagnosis and procedures,” he tweeted.

“Plus names, addresses, date of birth, Medicare numbers, policy numbers, phone numbers, and some claim details.”

Cybersecurity journalist Jeremy Kirk said credit card details were the least of concerns for customers compared to more sensitive medical information.

“Medical codes related to diagnoses and procedures should be among the most sensitive information about a person. Horrible. And remember that paying a ransom does not mean that this data is safe,” he tweeted.

Medibank chief executive David Koczkar said he “apologised unconditionally” for the breach.

“I know that many will be disappointed in Medibank and I recognize that disappointment,” he said in a statement on Thursday.

This cybercrime is now the subject of an investigation by the Australian Federal Police. We will learn from this incident and share our lessons with others.

“Medibank remains open and transparent and will continue to provide extensive updates as often as we can and need.”

The statement said a trade freeze in Medibank shares will continue as the health insurer works with the AFP, government stakeholders and the Australian Cyber ​​Security Center (ACSC).

Earlier this week, broken English reports from the hacking group claimed 200 gigabytes of sensitive information, including health records, had been stolen.

The group said as a “warning shot” it would contact the insurer’s 1,000 most prominent customers, including “politicians, actors and activists.”

Starting Thursday, Medibank will contact affected customers directly to inform them about this latest development and to provide support and guidance on what to do next.

Customers affected by the breach have been invited to speak with the insurer’s mental health professionals by phone to discuss their concerns.

Medibank has more than 3.9 million customers.

The health insurer said last week that it immediately took steps to “contain the incident” and engaged expert cybersecurity firms to work on the breach.

The steps include taking some of its customer-facing computer systems offline.

The hack follows the country’s largest-ever cyber breach, when the personal data of up to 10 million Optus customers was recently exposed to hackers.

Telstra also revealed a data breach this month in which 30,000 current and former employees posted their names and emails online.