February 2023

Medibank Confirms Stolen Credentials Were Used to Access Its Network

First reported as a cyber incident, the Medibank cyber attack and subsequent data breach has been unfolding for a few months now. The latest is that Medibank has revealed how in fact the whole thing happened. Here’s how it all began and where we’re up to with the Medibank hack.

Medibank data breach: what happened?

In October, Medibank went public with news that it suffered a cyber incident. Turns out it was a lot worse than Medibank first thought, with the data on 9.7 million customers caught up in the massive breach.

The private health insurer told shareholders on October 12 it had fallen victim to a ‘cyber incident’. It said that in response to this incident, the organisation took immediate steps to contain it, and engaged specialised cybersecurity firms. At the time, Medibank said there was no evidence that any sensitive data, including customer data, had been accessed in the cyber attack.

On October 17, it reaffirmed that after ongoing investigations, there was still no evidence customer data had been removed from its IT environment. It also emerged that Medibank was the victim of a ransomware extortion attempt, with the word ‘ransom’ hidden within the organisation’s messaging.

But on October 19, things had taken an Optus-like turn. In a statement issued via the ASX on October 19, Medibank said it has received messages from a group that “wishes to negotiate with the company regarding their alleged removal of customer data”. This negotiation was the hackers threatening to release the private medical information of high-profile Australians if a ransom wasn’t paid.

On October 20, Medibank said the Australian Federal Police was investigating the incident as a crime as data on its customers was confirmed breached. Then, on October 26, Medibank confirmed every one of its customers had their data breached.

However, on November 7, Medibank divulged just how bad things actually were. “Given the nature of this crime, we now believe that all of the customer data accessed could have been taken by the criminal,” it said. In a statement issued to the ASX, Medibank said it believed the criminal has accessed the name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives.
This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers. The criminal/s also accessed Medicare numbers (but not expiry dates) for ahm customers, passport numbers (but not expiry dates) and visa details for international student customers and accessed health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed. Health provider details, including names, provider numbers and addresses, are among the data accessed in the breach, Medibank said.

Despite this, Medibank said the criminal did not access primary identity documents, such as driver’s licences, for Medibank and ahm resident customers. Credit card and banking details are also apparently safe.

It was on November 7 that Medibank said it wasn’t paying, despite the ramifications. “No ransom payment will be made to the criminal responsible for this data theft,” the statement reads.

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” Medibank CEO David Koczkar added.

Then, on November 9, it was confirmed data had been leaked. The hackers, who claimed to have spent a month rummaging around Medibank’s systems, posted what they’ve called “naughty” and “nice” lists of health records, with the “naughty” list including people who’ve sought treatment for things like addiction and eating disorders.
And they claim they’ve only started releasing the stolen information. The hackers have also published emails they sent and received with Medibank while negotiating over the ransom. The emails, if they’re authentic, show the hackers refusing to name themselves except to say they’re with an “affiliate group.” Security researchers have dubbed the group BlogXX, which is a partial name of the onion address where the stolen data has been published. Oddly enough, the domain used to be run by the Russian-based REvil ransomware gang, though it’s not clear if some of the hackers are the same.

In one of the email exchanges published by the hackers, a representative from Medibank asks how they know the hackers will actually delete the data if they pay the ransom. “We are doing business, even if it is not legal, and we are worried about our reputation. This is the key to payments,” the response from the hackers reads. “We are interested in getting money, not destroying your company,” the hackers continued.

Whatever their intention, these hackers behind the cyber attack have now put out Medibank information that could be used to destroy the lives of regular people who may be struggling with any range of mental health and addiction issues.

In the days following Medibank refusing to pay a ransom, the health claims of hundreds of Medibank customers had been posted on the dark web, including claims related to the termination of pregnancy, harmful use of alcohol and treatment for drug use.

It was also revealed back in January that potential health insurance customers who requested quotes with ahm have also been caught up in the data breach.

This week, Medibank added an explanation. “The criminal accessed our systems using a stolen Medibank username and password used by a third-party IT service provider,” Medibank explained in its half-year financial results.
“The criminal used the stolen credentials to access Medibank’s network through a misconfigured firewall which did not require an additional digital security certificate.” Medibank said the criminal was able to obtain further usernames and passwords to gain access to a number of Medibank’s systems and that their access was not contained.

The company said following the triage of a security alert on October 11, it closed down the criminal’s attack path. “[We] can reconfirm no further activity by the criminal since 12 October 2022 has been detected inside our systems,” it wrote.

In its financial results, Medibank also noted that the breach has cost it a whopping $26 million, so far, with expectations that number will double by the time the year is out. During the six-month period, the insurer also lost 13,000 policyholders.

AFP points the blame

On November 11, the Australian Federal Police (AFP) made a bold statement, one that attributed the attack to Russia. AFP Commissioner Reece Kershaw declared hackers in Russia were responsible for the Medibank cyber attack.

“This is a crime that has the potential to impact on millions of Australians and damage a significant Australian business,” he said.

“This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing.”

Kershaw said the AFP is undertaking covert measures and working around the clock with domestic and international partners, including Interpol, to bring those responsible to justice.

“This is important because we believe those responsible for the breach are in Russia,” Kershaw said.

“Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world. These cyber criminals are operating like a business.”

Kershaw said the AFP has reason to believe that some affiliates of the business may be operating in other countries, not just Russia.

“We believe we know which individuals are responsible, but I will not be naming them,” he added.

“What I will say is that we will be holding talks with Russian law enforcement about these individuals.”

Kershaw said the AFP was also “scouring the internet and dark web” to find people seeking to profit from this attack.

Medibank hackers declare the ‘case closed’

Medibank in December confirmed that more stolen customer data had been released on the dark web, with the hackers posting the data with a message that read: “Happy Cyber Security Day!!! Added folder full. Case closed.”

“We are in the process of analysing the data, but the data released appears to be the data we believed the criminal stole,” Medibank said. “Unfortunately, we expected the criminal to continue to release files on the dark web.”

Medibank’s Koczkar said while there are reports of this being a signal of ‘case closed’, his company’s work regarding the hack “is not over”. Neither is that of Australia’s Privacy Commissioner.

OAIC launches official investigation

After announcing it was making preliminary inquiries with Medibank to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in October, the Office of the Australian Information Commissioner (OAIC) in December commenced an official investigation into the personal information handling practices of Medibank.

The OAIC’s investigation into the hack will focus on whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure. The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs). Just like it did with Optus.

If the OAIC’s cyber attack investigation satisfies the Commissioner that an interference with the privacy of individuals has occurred, the Commissioner may make a determination that can include requiring Medibank to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage. If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each contravention.

Legal action against Medibank for data breach

Law firms Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers last month joined forces to run the legal action against Medibank, with reports noting the law firms have been investigating compensation claims and say they have registered tens of thousands of Medibank customers. According to the ABC, the law firms are seeking compensation for Medibank and ahm health insurance customers who had their names, emails, mental health information and other data leaked.

If you or someone you care about needs support, please call LifeLine Australia on 13 11 14. If life is in danger, call 000. Please do NOT call 000 if you are concerned about the Medibank data breach, reach out to Medibank for help on 13 23 31.

This article has been updated since it was first published.

The post Medibank Confirms Stolen Credentials Were Used to Access Its Network appeared first on Gizmodo Australia.

  
