9 Million Customer Records

August 22, 2024

Over the last two months, a frightening data leak in Australia has exposed the private medical information of 9.7 million customers. Medibank, a leading private health insurer, has been the victim of a ransomware attack that began in mid-October. The group claiming responsibility initially demanded a ransom of $10 million but lowered it to $9.7 million to make it an even dollar for each customer affected in the breach. Experts have advised Medibank not to pay the hackers, and so far, they are taking this advice, realizing that the chance of any data being returned or deleted is slim to none. However, the hackers are not taking it well and have begun to publish the data, organized into distasteful categories based on the medical services requested. Let's review how the incident developed.


Timeline of the Breach


Medibank found unusual activity on its servers on October 12th and reported it the next day, saying they had no evidence that customer data had been accessed. After isolating and restarting core systems over the next two days, Medibank attempted to resume business as usual.


On October 17th, Medibank released a statement that the breach was "consistent with a possible ransomware threat." At this time, they added security measures and called in cybersecurity experts. Up to this point, no evidence of exfiltration of customer data had been found. Some customer services were cautiously brought back online.


Medibank confirmed on October 20th that data sent to them by the hacking group was legitimate. Over the next few days, an official investigation began with the Australian Federal Police, and Medibank created a support package of services to help those affected. These services included access to specialized teams to help those who were becoming the victims of ID theft and scam attempts.


After a few weeks of damage control, Medibank publicly announced on November 7th that they would not be paying the ransom. By not paying, Medibank sent the message that criminals will not be rewarded for extorting customers' information. The next day, the data began to be slowly leaked to dark web forums and offered for sale.


On November 11th, the Australian Federal Police and Interpol claimed they had evidence that the hacker group was in Russia. However, there are some indications that the hackers may be linked to REvil, AKA the Sodinokibi organized crime group responsible for the JBS Foods attack last June.


As of the date of this article, November 15th, Australian and international authorities are attempting to work with Russian police to find the hackers responsible for the attack. Meanwhile, data leaks keep being uploaded, and consumers are advised to keep a close eye on their credit reports for any unusual changes.


No matter how large or small your company is, if you collect PII, you are a target. Hackers know that PII is valuable and that companies will (or should) do everything they can to protect it. If your company collects data, consider this one of many examples of what happens when cybersecurity is lacking. Due to moves from both the SEC and FTC this year, it is becoming clear that federal regulations are coming down the pipe that will make businesses more liable for the protection they can provide for their customers' data. iTecs can protect your data and teach your employees current best practices for safeguarding sensitive material. You can prevent the next cyberattack with a simple phone call to us - contact an iTecs professional today.

