Cybersecurity woes for major Australian firms continue as health insurance giant Medibank experienced a data breach that saw 200 GB in medical records stolen by a hacker and held for ransom.
The company initially misidentified the attack as involving ransomware, but it appears to have simply been a matter of data exfiltration. The amount of the ransom remains unknown; the hacker has leaked about 100 records that contain an assortment of information that reportedly includes medical conditions and addiction treatment records.
With some 3.7 million customers and a market share of about 27%, Medibank is the largest health insurance provider in Australia. The company had its trading halted by the Australian Securities Exchange on Wednesday the 19th after the hacker made contact with the company in private, claimed to have 200 GB in stolen data, and provided a sample of about 100 customer policies to verify that the attack was legitimate.
Customer health insurance policies contain an assortment of personal contact information: full names, home addresses, birth dates, and phone numbers, at a minimum. More distressing to Australians is the inclusion of national health care identification numbers, only weeks after major telecommunications provider Optus was breached. The loss of national identification numbers in that attack caused backlogs at government agencies as many people lined up to have their numbers changed.
Full article here https://www.cpomagazine.com/cyber-security/australias-medibank-health-insurance-data-held-for-ransom-200-gb-of-medical-records-stolen/
#Australia #Medibank #health #insurance #ransom #YOKdata #blog