The biggest health insurance provider, Medibank, was attacked in November 2022. The Australian Federal Police claim they know the identity of the Russian criminal organization behind the ransomware attacks. After receiving access through the infected systems, the hackers spent weeks stealing data from the company's IT systems.
Gigantic ransom and data leak
The hackers demanded a ransom of $9.7 million – $1 for each of the 9.7 million people whose data was stolen. However, Medibank refused the ransom payment, and the hackers started publishing sensitive data on the internet.
The first batches of data were published on a darknet blog affiliated with the REvil Russian ransomware group. The list contains the data of around 100 people treated for drug addiction or mental health problems. Other files included information on 300 abortion-related insurance claims made by policyholders and data on 240 clients treated for alcoholism.
Several days after the attack, the AFP commissioner, Reece Kershaw, said that the investigation points towards a group of loosely connected cybercriminals who are also likely responsible for other significant data security breaches around the world.
The Australian Cyber Security Minister, Clare O'Neil, swore that the people behind the "morally reprehensible" cyberattack would be caught.
Rule number 1: do not pay the ransom
In order to pursue the people responsible for the crime, the police have begun co-operation with the country's central Interpol bureau in Moscow. The chances of extraditing the Russian hackers are low, however. Remember that in 2018, the Russian president, Vladimir Putin, emphasized that Russia would not extradite its citizens.
Experts emphasize that refusing to pay the ransom was the correct choice. Any ransom payment, regardless of the amount, fuels the business of cybercrime and makes hackers more eager to attack other healthcare facilities. Of course, the data leak has caused a significant breach of private information. However, paying the demanded ransom does not guarantee the safety of the data in such situations. Hackers have no moral code.
How to defend against hackers?
Medibank immediately launched a 'support package' for the affected clients. It contains advice on identity protection and reimbursement of ID replacement fees.
It is currently unknown whether Medibank's clients will receive damages due to the breach (of privacy) or whether Medibank will be tried for insufficient protection of sensitive medical data.
This example shows that the consequences of data leaks are very severe – ransomware attacks may lock IT systems up, which directly puts patients at risk. Aside from that, there are also huge costs of dealing with the consequences. For example, Medibank shares have plunged 22% since the company revealed the hack. For this reason, spending on data security is the best investment to avoid such situations. Some ways of increasing security are training, tests, purchasing the appropriate software, or archiving data in a different location. We put advice on this particular topic in our regular guide on data security.