More sensitive health data posted as Medibank hacker demands $15 million ransom

Facebook X Reddit Pinterest

Medibank has described the release of more customer data ont the dark web as ‘deplorable’ and ‘a weaponisation of people’s private information’.

The person claiming to be the Medibank hacker revealed this morning their ransom demand to the health insurer.

On the dark web post additional text was added, stating: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”

At current rates, US$9.7 million is worth $15.07 million.

The alleged hacker, also posted: “Medibanks (sic) CEO stated, that ransom amount is ‘irrelevant’. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don’t cost that.”

Following the release of 200 users’ personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.

While the file is titled “abortions”, 9News.com.au understands the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for “Supervision of high risk pregnancy, unspecified, first trimester“.

As one of Australia's biggest health insurance providers, Medibank holds information that includes intimate medical records — The person claiming to be the Medibank hacker has revealed this morning their ransom demand to the health insurer. (Adobe Stock)

“The release of this stolen data on the dark web is disgraceful,” CEO David Koczkar said.

“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.

“We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.

“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”

With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.

Those customers should be on high alert for scammers.

As a reminder, Medibank said again today it would never contact customers to ask for passwords or sensitive information.

Medibank is yet to contact the 500,000 customers who have had health data stolen to specifically advise them that they are among the group for whom the hacker has more than just contact information.

22-time grand slam champion Todd Woodbridge. — Former tennis champion Todd Woodbridge says he was targeted by scammers. (Getty)

Former tennis champion Todd Woodbridge has said he believes he may be one of them and has been targeted by scammers following the hack.

Woodbridge, a Medibank customer, said he suffered a minor heart attack last month and recently received a phone call from scammers who tried to get him to pay a “hospital bill”.

They knew the hospital he had stayed at along with other personal information, but Woodbridge, who had already paid the bill, said he didn’t hand over any account information.