Hackers demand $10 mn for stolen Australian health records

    Hackers demanded US$10 million to stop leaking highly sensitive records stolen from a major Australian healthcare company.
    By: AFP
    | Updated on: Nov 10 2022, 17:33 IST
    Safe online payment tricks: Know 5 easy ways to keep your money safe on UPI, Net banking
    Google Pay
    1/6 Do you use Unified Payment Interface (UPI) linked payment-making applications like Google Pay (GPay), Paytm, PhonePe, among others? The process of making online payment via these apps is simple, however, sometimes even a simple mistake like wrong click, number, among others can cause you huge monetary loss. Here are some of the safety tips which you should consider while making UPI payments. (Bloomberg)
    Google Pay
    2/6 Screen lock: Keeping a strong screen lock, password or PIN not only for your phone but also for all payment or financial transaction apps is very important. It not only saves your phone from landing in the wrong hands but also helps in avoiding leaking of personal and crucial details. However, you should avoid keeping simple passwords like your name, date of birth, mobile number, etc. (Pixabay)
    Do not share your PIN
    3/6 Do not share your PIN: You should never share your PIN with anyone. Sharing your PIN makes you vulnerable for frauds as anyone can access your phone and transfer the amount. In case you feel that your PIN has been exposed, you should change it immediately. (Saumya Khandelwal/HT PHOTO)
    image caption
    4/6 Do not click on unverified links or attend fake calls: Lots of fake messages containing links of some unverified keeps on popping in your inbox. You should avoid clicking on such links as it can cause you huge financial losses. You should also avoid picking up fake calls. The caller pretends to be calling from your bank or some other organisation and can ask you for your details like PIN, OTP, etc. Hackers usually share links or make calls and ask users to download a third-party app for verification. It can be noted that banks never ask for PIN, OTP or any other personal details. (Reuters)
    image caption
    5/6 Keep updating UPI App regularly: Every application requires an update and each update brings better features and benefits. You should always keep updating the UPI payment app to the latest version. (Unsplash)
    Online payment
    6/6 Avoid using multiple payment applications: You should avoid keeping multiple payment applications in your phone and should install only the trusted and verified payment applications from the PlayStore or App Store. (Bloomberg)
    Online scam
    View all Images
    Hackers demand $10 million for stolen Australian health records. (Pixabay)

    Hackers on Thursday demanded US$10 million to stop leaking highly sensitive records stolen from a major Australian healthcare company, as they uploaded yet more intimate details about customers.

    Medibank, Australia's largest private health insurer, confirmed this week that hackers had accessed the information of 9.7 million current and former clients, including Prime Minister Anthony Albanese.

    The hackers on Thursday uploaded a second batch of files to a dark web forum, with more sensitive details about hundreds of Medibank customers.

    The first leaks appear to have been selected to cause maximum harm: targeting those who received treatment related to drug abuse, sexually transmitted infections or pregnancy terminations.

    "Added one more file abortions.csv," the anonymous hackers wrote on the forum, before detailing their ransom threat.

    "Society ask us about ransom, it's 10 million USD. We can make discount... $1 = 1 customer."

    Medibank has repeatedly refused to pay the ransom.

    - 'Profit and greed' -

    The Medibank hack -- and an earlier data breach impacting nine million customers at telecom company Optus -- has raised questions about Australia's ability to repel cyber criminals.

    Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said Australia was no worse "than any other high-value target or Western country".

    "It's very unfortunate, but I don't think Australia is any more vulnerable than any other Western developed nation," he told AFP.

    Desmond said profit-driven hackers were unlikely to single out a specific country -- and were typically more interested in targeting companies holding valuable data.

    "It's the data types that are of the most interest to these hackers," he said.

    "The healthcare data is a huge target and personally identifiable data is high-value.

    "Generally, profit and greed are the number one drivers."

    - 'Scummy criminals' -

    The Medibank hack is likely to include data on some of the country's most influential and wealthy individuals.

    Medibank chief executive David Koczkar condemned the "disgraceful" extortion tactics.

    "The weaponisation of people's private information in an effort to extort payment is malicious and it is an attack on the most vulnerable members of our community."

    The group behind the attack appears to be pressuring Medibank by hunting for the most potentially damaging personal information within the records.

    The first records posted to the dark web forum were separated into "naughty" and "nice" lists.

    Some on the "naughty" list had numeric codes that appeared to link them to drug addiction, alcohol abuse and HIV infection.

    For example, one record carried an entry that read: "p_diag: F122".

    F122 corresponds with "cannabis dependence" under the International Classification of Diseases, published by the World Health Organization.

    Names, addresses, passport numbers and birth dates were also included in the data.

    Home Affairs Minister Clare O'Neil has described the hackers as "scummy criminals".

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 10 Nov, 17:33 IST
    keep up with tech