One of Australia’s largest health insurers, Medibank, has said it will not pay a ransom for the recovery of its data after another ransomware attack.
The decision was confirmed by the company’s CEO, David Koczkar, via LinkedIn, following a somewhat longer post on the platform earlier this week in which he told Medibank clients about any issues stemming from the attack, but said that paying the ransom demand could make things worse.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited opportunity to pay a ransom to ensure our customers’ data is returned and prevent its dissemination,” he said. “In fact, paying can have the opposite effect and encourage a criminal to extort our customers outright and there is a strong chance that paying is putting more people in harm’s way by making Australia a bigger target.”
According to Koczkar, the ransomware attack, which occurred in late October 2022, allowed the threat actors to access the personal details of approximately 5.1 million Medibank, 2.8 million ahm, and 1.8 million current and former international customers, as well as the health claims data of about 160,000 Medibank, 300,000 ahm, and 20,000 international clients.
“The criminal did not obtain credit and bank card details or health claims data to obtain additional services,” the CEO emphasized.
He also warned customers to remain vigilant, as cybercriminals can now attempt to use the newly accessed data for secondary attacks. Scammers can contact customers directly and try to use that knowledge to trick them into providing payment data or the like. They may also use the personally identifiable information for identity theft attacks.
To address the ransomware problem, Medibank says it is expanding its cyber-response support program to now include a cybercrime health and wellbeing line, proactive support for vulnerable customers, personalized preventive health advice, cybercrime resources, and personal coercion alerts for vulnerable customers, the CEO concluded.
The Australian Government, the Australian Center for Cyber Security and the Australian Federal Police have been notified and are currently investigating the matter.
Via: InfoSecurity Magazine