Abortions exposed among Australian health insurer customers

Nov 9, 2022, 9:58 PM | Updated: Nov 10, 2022, 12:52 am

FILE - A man walks past a Medibank branch in Sydney on Oct. 26, 2022. Extortionists have dumped stolen Medibank client records relating to medical procedures on the dark web on Thursday, Nov. 10, 2022, in an effort to pressure Australia's largest health insurer to pay a ransom. (AP Photo/Rick Rycroft, FILE)

CANBERRA, Australia (AP) — Extortionists dumped stolen client records relating to pregnancy terminations on the dark web on Thursday in their latest effort to pressure Australia’s largest health insurer to pay a ransom.

The cybercriminals began dumping customer records on Wednesday including treatments for HIV and drug addiction after Medibank this week ruled out paying a ransom for the return of the hacked data.

The criminals, who used the name “Extortion Gang,” on Thursday posted that they had demanded $9.7 million — $1 for the records of each of the 9.7 million current and former Medibank customers that were stolen.

Most concerning was the theft of health claims for almost 500,000 customers that include diagnoses and treatments.

Medibank CEO David Koczkar condemned the release of Thursday’s tranche of data as “disgraceful.”

“The weaponization of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community,” Koczkar said in a statement.

Cybersecurity Minister Clare O’Neil described the targeting of women who had terminated pregnancies as “morally reprehensible.”

“Yesterday, I indicated to the Parliament that the consequences of the Medibank hack were likely to get worse, and today those fears have been realized,” O’Neil told Parliament.

“And I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but, more importantly, as a woman, this should not have happened,” she added.

Medibank and government services were standing ready to support all customers in need even if a “large data dump occurs,” O’Neil said.

The extortionists have warned that the dumps will continue daily.

Cybersecurity expert and Medibank customer Nigel Phair spoke of his frustration at not knowing how much of his personal data had been stolen.

“You just don’t know what’s been lost of your own details: Is it your name, your date of birth, is it your address, is it everything and more?” Phair told Australian Broadcasting Corp.

Medibank had failed to adequately address basic risk management questions on what data was stored, where it was stored, who had access and how that data was accessed, Phair said.

“If they’d done that competently beforehand, and put appropriate controls (in place), this wouldn’t have happened,” Phair said.

The extortionists have been linked to high-profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.

The Russian Federal Security Service said in January REvil “ceased to exist” after several arrests were made at the insistence of the United States.

Troy Hunt, founder of the “Have I been Pwned?” website, a service that enables users to check if their personal details have been exposed by data breaches, said it was unclear how REvil was involved.

An old REvil dark web site had started redirecting traffic to a new site that hosts the stolen Medibank data, Hunt said.

REvil could have rebranded as BlogXX, the name by which the Medibank hackers are becoming increasingly well known within cybersecurity circles, or former REvil operatives might have found a new home.

“The reality is, it’s a bit like any job — people come and go,” Hunt said.

Conversations between the hackers and Medibank that have been published with the data dumps show that the operation was initially intended to be a ransomware attack. That would have denied Medibank access to its own customer records and heightened pressure on finding a quick resolution.

But the hackers said they ran out of time to encrypt Medibank’s systems with ransomware so fell back on the plan to monetize the data that had already been stolen.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
