The hackers who stole the patient data of over 9.7 million customers from Medibank Private Limited posted yet another collection of files late on 13 November. The file leaked on the dark web was pertaining to mental health and was named ‘psychos’ by the cybercriminals. The post announced the next data will be leaked on Friday on the dark web blog that is also linked to the Russian ransomware gang REVil.
Meanwhile, the Australian health insurance company is going ahead with its plans for the upcoming annual general meeting when the company will be facing questions from shareholders and the media on the cyberattack. The meeting will be held on 16 November and the live webcast will be available for all to view.
Customers continue to suffer
In a previous leak, the hackers made statements that read, “Added one more file abortions.csv …”. Abortion details of Medibank customers were released last week on the dark web. The post further read, “Society ask us about ransom, it’s a 10 millions USD (A$15.5 million). We can make discount 9.7m (A$15 million) 1$ (A$1.60)=1 customer.” The leak that started on Wednesday is still ongoing with more threats of data release if the ransom is not paid.
An earlier leak contained details of the alcohol use of patients and was titled ‘Boozy.csv’. The company made it clear in its statement that those downloading and using the leaked health information will be held accountable for it. “Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum, and attempts to profit from it is committing a crime,” said the company announcement.
Russia reacts to allegations
The Russian embassy in Australia responded to the allegations made by the Albanese government. The statement read, “For some reason, this announcement was made before the AFP even contacted the Russian side through the existing professional channels of communication.” This came as a response to the Australian federal police commissioner, Reece Kershaw’s statement that said that the culprit for the Medibank data breach is in Russia and is operating as a business.