One of Australia’s biggest health insurers, Medibank, has said it won’t be paying up in order to get its data back following a recent ransomware attack.
The decision was confirmed by the company’s CEO, David Koczkar, via LinkedIn, following a somewhat longer post on the platform earlier this week where he to Medibank customers for any problems caused by the attack, but said paying the ransom demand might make things even worse.
“Based on the extensive advice we have received from cybercrime experts, we believe that there is only a limited chance paying a ransom would ensure the return of our customers’ data, and prevent it from being published,” he said. “In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
Opposite effect
According to Koczkar, the ransomware attack that took place in late October 2022, and allowed the threat actors to access personal details of around 5.1 million Medibank, 2.8 million ahm, and 1.8 million international current and former customers, and health claims data for around 160,000 Medibank, 300,000 ahm, and 20,000 international customers.
“The criminal did not access credit card and banking details or health claims data for extras services,” the CEO confirmed.
He further warned the customers to stay vigilant, as the cybercriminals could now try and use the newly accessed data for secondary attacks. Crooks could reach out to customers directly and try to use the knowledge to scam them into giving away payment data, or similar. They could also use the personally identifiable information in identity theft attacks.
To tackle the problem of ransomware, Medibank says it is expanding its Cyber Response Support Program to now include a cybercrime health & wellbeing line, proactive support for vulnerable customers, tailored preventative health advice and resources specific to cybercrime and personal duress alarms for vulnerable customers, the CEO concluded.
The Australian Government, the Australian Cyber Security Centre, and the Australian Federal Police, have been notified and are currently investigating the matter.
Via: InfoSecurity Magazine (opens in new tab)