Medibank Won’t Pay Ransom

The Australian health insurer Medibank says it will not pay a ransom to the hacker who stole massive amounts of customer data. In October Medibank said that a hacker had accessed around 4 million customers' personal information.

That's bad enough, but Medibank has now discovered the scale of the breach is much larger than earlier thought, with 9.7 million current and former customers having their names, dates of birth, phone numbers and email address accessed. That includes 5.1 million Medibank direct customers and 1.8 million international customers.

The company’s CEO David Koczkar declined to confirm speculation that the criminals had deliberately targeted the most sensitive health claims data and providers in the 480,000 claims Medibank found had been stolen. The claims  information exposed includes service provider name, and codes associated with diagnosis and procedures.

The company had said it had been in contact with the alleged attacker, and there had been speculation Medibank might pay a ransom to prevent the release of the data online.

In a statement to the Australian Stock Exchange, Koczkar said the advice received from professional security advisers and from the Australian government, was that no ransom should be paid. Koczkar saiad here is no way they can “trust criminals” not to further exploit people.

 Australion Financial Review:   News7:     ABC:      Guardian:       You Tube:    Market Watch:  

You Might Also Read: 

Attackers Demand $10m Ransom From French Hospital:
 

« Australia’s Government Hit By Another Cyber Attack
Ukraine Uses Artificial Intelligence To Speed Up Attacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Vigilant Technology Solutions

Vigilant Technology Solutions

Vigilant is a global cyber security technology company offering solutions to manage entire IT & cyber security lifecycles.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

CQR

CQR

CQR are at the forefront of innovative cyber solutions, dedicated to securing and fortifying Operational technology (OT) infrastructure.

TR-CERT (USOM)

TR-CERT (USOM)

TR-CERT (Ulusal Siber Olaylara Müdahale Merkezi - USOM) is the national Computer Emergency Response Team of Turkey.