Featured Article

Medibank breach: Hackers start leaking health data after ransomware attack

What you need to know so far


Medibank's logo on the top of its corporate offices in Melbourne, Australia
Image Credits: Scott Barbour (opens in a new window) / Getty Images

Medibank has urged its customers to be on high alert after cybercriminals began leaking sensitive medical records stolen from the Australian health insurance giant.

A ransomware group with ties to the notorious Russian-speaking REvil gang began publishing the stolen records early Wednesday, including customers’ names, birth dates, passport numbers and information on medical claims. This comes after Medibank said it would not pay the ransom demand, saying, “We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”

The cybercriminals selectively separated the first sample of Australian breach victims into “naughty” and “good” lists, with the former including numerical diagnosis codes that appeared to link victims to drug addiction, alcohol abuse and HIV, according to Agence France-Presse. For example, one record carries an entry that reads “F122,” which corresponds with “cannabis dependence” under the International Classification of Diseases published by the World Health Organization.

It’s also believed the leaked data includes the names of high-profile Medibank customers, which likely includes senior Australian government lawmakers, like prime minister Anthony Albanese and cybersecurity minister Clare O’Neil.

The portion of data leaked so far, seen by TechCrunch, also appears to include correspondence of negotiations between the cybercriminals and Medibank CEO David Koczkar. Screenshots of WhatsApp messages suggest that the ransomware group also plans to leak “keys for decrypting credit cards” despite Medibank’s assertion that no banking or credit card details were accessed.

“Based on our investigation to date into this cybercrime we currently believe the criminal did not access credit card and banking details,” Medibank spokesperson Liz Green told TechCrunch in an emailed statement on Wednesday, who deferred to its blog post.

The cybercriminal gang behind the Medicare ransomware attack, whose identities are not known but has relied on a variant of REvil’s file-encrypting malware, has so far leaked the personal details of around 200 Medibank customers, a fraction of the data that the group claims to have stolen. Medibank confirmed on Tuesday that the cybercriminals had accessed roughly 9.7 million customers’ personal details and health claims data for almost 500,000 customers.

What should victims do?

In light of the data leak, which exposed highly confidential information that could be abused for financial fraud, Medibank and the Australian Federal Police are urging customers to be on high alert for phishing scams and unexpected activity across online accounts. Medibank is also advising users to ensure they are not re-using passwords and have multi-factor authentication enabled on any online accounts where the option is available.

Medibank also launched a “cyber response support package” for affected customers, Medibank’s Green told TechCrunch. This includes hardship support, identity protection advice and resources, and reimbursement of government ID replacement fees. The health insurance giant is also providing a well-being line, a mental health outreach service and personal duress alarms.

Australia’s federal police are investigating the breach in collaboration with agencies from around the Commonwealth, as well as from the other members of the “Five Eyes” group of intelligence-sharing governments, including the U.K., U.S., Canada and New Zealand. Operation Guardian, the Australian government’s response to the recent wave of cyberattacks that began with the data breach at telco giant Optus, will be extended to Medibank to protect its customers from “financial fraud and identity theft.”

“Operation Guardian will be actively monitoring the clear, dark and deep web for the sale and distribution of Medibank Private and Optus data,” said AFP Assistant Commissioner Cyber Command Justine Gough. “Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank Private data.”

What’s next?

In its latest update, Medibank is bracing for the situation to worsen, saying that it “expects the criminal to continue to release files on the dark web.” On its dark web leak site, the cybercriminals said they planned to “continue posting data partially, including confluence, source codes, list of stuff and some files obtained from medi filesystem from different hosts.”

Medibank says it will continue to contact all affected customers with specific advice and details of what data the attackers have accessed. However, customers at a heightened risk of being targeted by fraudulent emails should ensure that emails are coming from Medibank. Medibank said it would not ask for personal details over email. If in doubt, don’t click any links.

It’s not yet known whether Medibank customers will receive compensation following the breach or whether Medibank will face action for failing to protect users’ confidential medical data. The breach comes just weeks after Australia confirmed an incoming legislative change to the country’s privacy laws, following a long process of consultation on reforms. The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase the maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches and greater powers for the Australian information commissioner.

Two law firms also said on Tuesday that they are investigating whether Medibank had breached its obligations to customers under the country’s Privacy Act. The firms, Bannister Law and Centennial Lawyers, will investigate whether Medibank breached their privacy policy and the terms of their contract with customers and will also assess whether damages should be paid as a result of the breach.

Australia to toughen privacy laws with huge hike in penalties for breaches

More TechCrunch

Welcome to TechCrunch Fintech! This week, we’re looking at the continued fallout from Synapse’s bankruptcy, how Layer wants to disrupt SMB accounting, and much more! To get a roundup of…

There’s a real appetite for a fintech alternative to QuickBooks

The company is hoping to produce electricity at $13 per megawatt hour, which would be more than 50% cheaper than traditional onshore wind.

Bill Gates-backed wind startup AirLoom is raising $12M, filings reveal

Generative AI makes stuff up. It can be biased. Sometimes, it spits out toxic text. So can it be “safe”? Rick Caccia, the CEO of WitnessAI, believes it can. “Securing…

WitnessAI is building guardrails for generative AI models

It’s not often that you hear about a seed round above $10 million. H, a startup based in Paris and previously known as Holistic AI, has announced a $220 million…

French AI startup H raises $220 million seed round

Hey there, Series A to B startups with $35 million or less in funding — we’ve got an exciting opportunity that’s tailor-made for your growth journey! If you’re looking to…

Boost your startup’s growth with a ScaleUp package at TC Disrupt 2024

TikTok is pulling out all the stops to prevent its impending ban in the United States. Aside from initiating legal challenges against the government, that means shaping up its public…

As a U.S. ban looms, TikTok announces a $1M program for socially driven creators

Microsoft wants to put its Copilot everywhere. It’s only a matter of time before Microsoft renames its annual Build developer conference to Microsoft Copilot. Hopefully, some of those upcoming events…

Microsoft’s Power Automate no-code platform adds AI flows

Build is Microsoft’s largest developer conference and of course, it’s all about AI this year. So it’s no surprise that GitHub’s Copilot, GitHub’s “AI pair programming tool,” is taking center…

GitHub Copilot gets extensions

Microsoft wants to make its brand of generative AI more useful for teams — specifically teams across corporations and large enterprise organizations. This morning at its annual Build dev conference,…

Microsoft intros a Copilot for teams

Microsoft’s big focus at this year’s Build conference is generative AI. And to that end, the tech giant announced a series of updates to its platforms for building generative AI-powered…

Microsoft upgrades its AI app-building platforms

The U.K.’s data protection watchdog has closed an almost year-long investigation of Snap’s AI chatbot, My AI — saying it’s satisfied the social media firm has addressed concerns about risks…

UK data protection watchdog ends privacy probe of Snap’s GenAI chatbot, but warns industry

U.S. cell carrier Patriot Mobile experienced a data breach that included subscribers’ personal information, including full names, email addresses, home ZIP codes and account PINs, TechCrunch has learned. Patriot Mobile,…

Conservative cell carrier Patriot Mobile hit by data breach

It’s been three years since Spotify acquired live audio startup Betty Labs, and yet the music streaming service isn’t leveraging the technology to its fullest potential — at least not…

Spotify’s ‘Listening Party’ feature falls short of expectations

Alchemist Accelerator has a new pile of AI-forward companies demoing their wares today, if you care to watch, and the program itself is making some international moves into Tokyo and…

Alchemist’s latest batch puts AI to work as accelerator expands to Tokyo, Doha

“Late Pledge” allows campaign creators to continue collecting money even after the campaign has closed.

Kickstarter now lets you pledge after a campaign closes

Stack AI’s co-founders, Antoni Rosinol and Bernardo Aceituno, were PhD students at MIT wrapping up their degrees in 2022 just as large language models were becoming more mainstream. ChatGPT would…

Stack AI wants to make it easier to build AI-fueled workflows

Pinecone, the vector database startup founded by Edo Liberty, the former head of Amazon’s AI Labs, has long been at the forefront of helping businesses augment large language models (LLMs)…

Pinecone launches its serverless vector database out of preview

Young geothermal energy wells can be like budding prodigies, each brimming with potential to outshine their peers. But like people, most decline with age. In California, for example, the amount…

Special mud helps XGS Energy get more power out of geothermal wells

Featured Article

Sonos finally made some headphones

The market play is clear from the outset: The $449 headphones are firmly targeted at an audience that would otherwise be purchasing the Bose QC Ultra or Apple AirPods Max.

5 hours ago
Sonos finally made some headphones

Adobe says the feature is up to the task, regardless of how complex of a background the object is set against.

Adobe brings Firefly AI-powered Generative Remove to Lightroom

All cars suffer when the mercury drops, but electric vehicles suffer more than most as heaters draw more power and batteries charge more slowly as the liquid electrolyte inside thickens.…

Porsche Ventures invests in battery startup South 8 to boost cold-weather EV performance

Scale AI has raised a $1 billion Series F round from a slew of big-name institutional and corporate investors including Amazon and Meta.

Data-labeling startup Scale AI raises $1B as valuation doubles to $13.8B

The new coalition, Tech Against Scams, will work together to find ways to fight back against the tools used by scammers and to better educate the public against financial scams.

Meta, Match, Coinbase and others team up to fight online fraud and crypto scams

It’s a wrap: European Union lawmakers have given the final approval to set up the bloc’s flagship, risk-based regulations for artificial intelligence.

EU Council gives final nod to set up risk-based regulations for AI

London-based fintech Vitesse has closed a $93 million Series C round of funding led by investment giant KKR.

Vitesse, a payments and treasury management platform for insurers, raises $93M to fuel US expansion

Zen Educate, an online marketplace that connects schools with teachers, has raised $37 million in a Series B round of funding. The raise comes amid a growing teacher shortage crisis…

Zen Educate raises $37M and acquires Aquinas Education as it tries to address the teacher shortage

“When I heard the released demo, I was shocked, angered and in disbelief that Mr. Altman would pursue a voice that sounded so eerily similar to mine.”

Scarlett Johansson says that OpenAI approached her to use her voice

A new self-driving truck — manufactured by Volvo and loaded with autonomous vehicle tech developed by Aurora Innovation — could be on public highways as early as this summer.  The…

Aurora and Volvo unveil self-driving truck designed for a driverless future

The European venture capital firm raised its fourth fund as fund as climate tech “comes of age.”

ETF Partners raises €285M for climate startups that will be effective quickly — not 20 years down the road

Copilot, Microsoft’s brand of generative AI, will soon be far more deeply integrated into the Windows 11 experience.

Microsoft wants to make Windows an AI operating system, launches Copilot+ PCs