One of Australia’s biggest health insurers, Medibank, has said it won’t be paying up in order to get its data back following a recent ransomware attack.
The decision was confirmed by the company’s CEO, David Koczkar, via LinkedIn, following a somewhat longer post on the platform earlier this week where he to Medibank customers for any problems caused by the attack, but said paying the ransom demand might make things even worse.
“Based on the extensive advice we have received from cybercrime experts, we believe that there is only a limited chance paying a ransom would ensure the return of our customers’ data, and prevent it from being published,” he said. “In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
Opposite effect
According to Koczkar, the ransomware attack that took place in late October 2022, and allowed the threat actors to access personal details of around 5.1 million Medibank, 2.8 million ahm, and 1.8 million international current and former customers, and health claims data for around 160,000 Medibank, 300,000 ahm, and 20,000 international customers.
“The criminal did not access credit card and banking details or health claims data for extras services,” the CEO confirmed.
He further warned the customers to stay vigilant, as the cybercriminals could now try and use the newly accessed data for secondary attacks. Crooks could reach out to customers directly and try to use the knowledge to scam them into giving away payment data, or similar. They could also use the personally identifiable information in identity theft attacks.
To tackle the problem of ransomware, Medibank says it is expanding its Cyber Response Support Program to now include a cybercrime health & wellbeing line, proactive support for vulnerable customers, tailored preventative health advice and resources specific to cybercrime and personal duress alarms for vulnerable customers, the CEO concluded.
The Australian Government, the Australian Cyber Security Centre, and the Australian Federal Police, have been notified and are currently investigating the matter.
Via: InfoSecurity Magazine (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba