One of Australia’s largest health insurers, Medibank, has said it will not pay to get its data back after a recent ransomware attack.
The decision was confirmed by the company’s CEO, David Koczkar, via LinkedIn, after a somewhat lengthy post on the platform earlier this week, where he told Medibank customers about any issues caused by the attack, but said paying the ransom would make matters worse.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance that paying a ransom will ensure that our customers’ data is returned and that it will not be lost. published,” he said. “In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers and there is a high probability that paying will endanger more people by making Australia a bigger target.”
According to Koczkar, the ransomware attack that took place in late October 2022 gave threat actors access to personal data of about 5.1 million Medibank, 2.8 million AHM and 1.8 million international current and former customers, and health claim data for about 160,000 Medibank, 300,000 ahm and 20,000 international customers.
“The criminal had no access to credit card and bank details or health claim data for additional services,” the CEO confirmed.
He further warned customers to remain vigilant as the cybercriminals could now try to use the newly accessed data for secondary attacks. Scammers can contact customers directly and try to use the knowledge to scam them by giving away payment details or something similar. They can also use the personally identifiable information in identity theft attacks.
To address the issue of ransomware, Medibank says it is expanding its Cyber Response Support Program to include a cybercrime health and wellness line, proactive support for vulnerable customers, tailored preventive health advice, and dedicated cybercrime resources and personal duress alerts for vulnerable customers. customers, concluded the CEO.
The Australian Government, the Australian Cyber Security Center and the Australian Federal Police have been notified and are currently investigating the matter.
Via: InfoSecurity Magazine (opens in new tab)