Russian hackers have released a further batch of private healthcare information following the recent data breach of Australian Medical insurance giant Medibank. The records released included private information about patients suffering from cancer, mental health issues, heart disease, and dementia.
Medibank Revealed Today That nearly 1,500 Customer Records Have Been Released on the Dark Web.
David Koczkar, Medibank’s chief executive, confirmed on 20 November that the threat actors (who obtained millions of customer records during a data breach in the healthcare insurance’s data system last month) had released the records on the dark web.
This development comes after Medibank’s refusal to pay a USD 10 million ransom issued by the cybercriminal hacking group.
The Organisation has Set Up Dedicated Support Services For Those Affected by the Recent Data Breach.
The health insurance provider has pledged to support victims whose personal information and social security numbers were stolen during the breach. The company has set up a “Cyber Response Support Program” to help those affected by providing guidance and assistance on identity protection measures and financial hardship issues.
The program will also support customers suffering from well-being and mental health issues due to the recent data breach. The firm has recently increased its customer service call team by over 300 new people as they look to provide support and advice for those affected by the recent ransomware attack.
Not All Of the Records Released Match Those Held by Medibank
According to Mr Koczkar, the healthcare organization are still confirming the accuracy of the information in the 1,500 records. Although, he did confirm that 123 of the records had also been included in the previous batch of data released by the ransomware group.
The company also revealed that some of the data on medical records released did not match those on the company’s records. They also didn’t match the descriptions posted by those responsible for the cyber attack.
Dark Web Users Have Been Warned Not To Try to Profit From the Released Records
In the statement, the health insurer CEO also reiterated that the Australian Federal Police would take speedy action against anyone attempting to profit from or exploit any information released. “We continue to work closely with the Australian Federal Police, who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.”
Medibank Has Issued Some Security Guidelines for Those Affected by the Ransomware Data Breach
Medibank has issued specific advice to its customers to help protect them from further distress and breaches of protected health information. These include:
- Remaining extra vigilant in looking out for possible phishing attacks by email, post, text, or phone.
- Make sure to verify all communication received to make sure they are from legitimate sources.
- Leaving texts from suspicious, unknown phone numbers unopened and unread.
- Changing all passwords regularly with strong and secure new passwords.
- Activating multi-factor security authentication on all online accounts wherever possible.
- Remember that Medibank will never contact customers and request their passwords or private information.
