Australia: Hacker Demands $10 Million To Stop Leaking Medical Records

A cyber hacker has demanded almost $10 million to stop leaking the medical records of Australians.

In a message posted on the dark web early on Thursday morning, the hacker said it was demanding $1 from Medibank, Australia’s largest private health insurer, for each of the 9.7 million customers affected in an enormous data breach last month.

The cybercriminal or criminal organisation also posted information purporting to link clients to their abortions, after earlier this week released a list appearing to show customers who received treatments for addiction, mental health issues and HIV.

Local media have linked the dark web forum used to post the hacked data to the crime group REvil, which Russian authorities said they shut down earlier this year at the request of the United States.

Medibank CEO David Koczkar on Thursday said; “We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.

“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.”

Medibank has refused to pay the ransom, citing advice from cybercrime experts that doing so would not ensure the return of customers’ information and could put “more people in harm’s way by making Australia a bigger target”.