February 2023

Medibank Confirms Stolen Credentials Were Used to Access Its Network

First reported as a cyber incident, the Medibank cyber attack and subsequent data breach have been unfolding for a few months now. The latest is that Medibank has revealed how the whole thing in fact happened. Here’s how it all began and where we’re up to with the Medibank hack.

Medibank data breach: what happened?

In October, Medibank went public with news that it suffered a cyber incident. Turns out it was a lot worse than Medibank first thought, with the data on 9.7 million customers caught up in the massive breach.

The private health insurer told shareholders on October 12 it had fallen victim to a ‘cyber incident’. It said that in response to this incident, the organisation took immediate steps to contain it, and engaged specialised cybersecurity firms. At the time, Medibank said there was no evidence that any sensitive data, including customer data, had been accessed in the cyber attack. On October 17, it reaffirmed that after ongoing investigations, there was still no evidence customer data had been removed from its IT environment. It also emerged that Medibank was the victim of a ransomware extortion attempt, with the word ‘ransom’ hidden within the organisation’s messaging.

But on October 19, things had taken an Optus-like turn. In a statement issued via the ASX on October 19, Medibank said it had received messages from a group that “wishes to negotiate with the company regarding their alleged removal of customer data”. This negotiation was the hackers threatening to release the private medical information of high-profile Australians if a ransom wasn’t paid.

On October 20, Medibank said the Australian Federal Police was investigating the incident as a crime as data on its customers was confirmed breached. Then, on October 26, Medibank confirmed every one of its customers had their data breached.

However, on November 7, Medibank divulged just how bad things actually were. “Given the nature of this crime, we now believe that all of the customer data accessed could have been taken by the criminal,” it said. In a statement issued to the ASX, Medibank said it believed the criminal had accessed the name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives.
This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers.

The criminal/s also accessed Medicare numbers (but not expiry dates) for ahm customers, passport numbers (but not expiry dates) and visa details for international student customers and accessed health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed. Health provider details, including names, provider numbers and addresses, are among the data accessed in the breach, Medibank said. Despite this, Medibank said the criminal did not access primary identity documents, such as driver’s licences, for Medibank and ahm resident customers. Credit card and banking details are also apparently safe.

It was on November 7 that Medibank said it wasn’t paying, despite the ramifications. “No ransom payment will be made to the criminal responsible for this data theft,” the statement reads. “Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” Medibank CEO David Koczkar added.

Then, on November 9, it was confirmed data had been leaked. The hackers, who claimed to have spent a month rummaging around Medibank’s systems, posted what they’ve called “naughty” and “nice” lists of health records, with the “naughty” list including people who’ve sought treatment for things like addiction and eating disorders.
And they claim they’ve only started releasing the stolen information. The hackers have also published emails they sent and received with Medibank while negotiating over the ransom. The emails, if they’re authentic, show the hackers refusing to name themselves except to say they’re with an “affiliate group.” Security researchers have dubbed the group BlogXX, which is a partial name of the onion address where the stolen data has been published. Oddly enough, the domain used to be run by the Russian-based REvil ransomware gang, though it’s not clear if some of the hackers are the same.

In one of the email exchanges published by the hackers, a representative from Medibank asks how they know the hackers will actually delete the data if they pay the ransom. “We are doing business, even if it is not legal, and we are worried about our reputation. This is the key to payments,” the response from the hackers reads. “We are interested in getting money, not destroying your company,” the hackers continued.

Whatever their intention, these hackers behind the cyber attack have now put out Medibank information that could be used to destroy the lives of regular people who may be struggling with any range of mental health and addiction issues. In the days following Medibank refusing to pay a ransom, the health claims of hundreds of Medibank customers had been posted on the dark web, including claims related to the termination of pregnancy, harmful use of alcohol and treatment for drug use.

It was also revealed back in January that potential health insurance customers who requested quotes with ahm have also been caught up in the data breach.

This week, Medibank added an explanation. “The criminal accessed our systems using a stolen Medibank username and password used by a third-party IT service provider,” Medibank explained in its half-year financial results.
“The criminal used the stolen credentials to access Medibank’s network through a misconfigured firewall which did not require an additional digital security certificate.” Medibank said the criminal was able to obtain further usernames and passwords to gain access to a number of Medibank’s systems and that their access was not contained. The company said following the triage of a security alert on October 11, it closed down the criminal’s attack path. “[We] can reconfirm no further activity by the criminal since 12 October 2022 has been detected inside our systems,” it wrote.

In its financial results, Medibank also noted that the breach has cost it a whopping $26 million, so far, with expectations that number will double by the time the year is out. During the six-month period, the insurer also lost 13,000 policyholders.

AFP points the blame

On November 11, the Australian Federal Police (AFP) made a bold statement, one that attributed the attack to Russia. AFP Commissioner Reece Kershaw declared hackers in Russia were responsible for the Medibank cyber attack.

“This is a crime that has the potential to impact on millions of Australians and damage a significant Australian business,” he said.

“This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing.”

Kershaw said the AFP is undertaking covert measures and working around the clock with domestic and international partners, including Interpol, to bring those responsible to justice.

“This is important because we believe those responsible for the breach are in Russia,” Kershaw said.

“Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world. These cyber criminals are operating like a business.”

Kershaw said the AFP has reason to believe that some affiliates of the business may be operating in other countries, not just Russia.

“We believe we know which individuals are responsible, but I will not be naming them,” he added.

“What I will say is that we will be holding talks with Russian law enforcement about these individuals.”

Kershaw said the AFP was also “scouring the internet and dark web” to find people seeking to profit from this attack.

Medibank hackers declare the ‘case closed’

Medibank in December confirmed that more stolen customer data had been released on the dark web, with the hackers posting the data with a message that read: “Happy Cyber Security Day!!! Added folder full. Case closed.”

“We are in the process of analysing the data, but the data released appears to be the data we believed the criminal stole,” Medibank said. “Unfortunately, we expected the criminal to continue to release files on the dark web.”

Medibank’s Koczkar said while there are reports of this being a signal of ‘case closed’, his company’s work regarding the hack “is not over”. Neither is that of Australia’s Privacy Commissioner.

OAIC launches official investigation

After announcing it was making preliminary inquiries with Medibank to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in October, the Office of the Australian Information Commissioner (OAIC) in December commenced an official investigation into the personal information handling practices of Medibank. The OAIC’s investigation into the hack will focus on whether Medibank took reasonable steps to protect the personal information it held from misuse, interference, loss, unauthorised access, modification or disclosure. The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs). Just like it did with Optus.

If the OAIC’s cyber attack investigation satisfies the Commissioner that an interference with the privacy of individuals has occurred, the Commissioner may make a determination that can include requiring Medibank to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage. If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each contravention.

Legal action against Medibank for data breach

Law firms Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers last month joined forces to run the legal action against Medibank, with reports noting the law firms have been investigating compensation claims and say they have registered tens of thousands of Medibank customers. According to the ABC, the law firms are seeking compensation for Medibank and ahm health insurance customers who had their names, emails, mental health information and other data leaked.

If you or someone you care about needs support, please call LifeLine Australia on 13 11 14. If life is in danger, call 000. Please do NOT call 000 if you are concerned about the Medibank data breach; reach out to Medibank for help on 13 23 31.

This article has been updated since it was first published.

The post Medibank Confirms Stolen Credentials Were Used to Access Its Network appeared first on Gizmodo Australia.

  
