Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - AU
The Guardian - AU
National
Michael McGowan

Medibank hackers release 1,500 more patient records on dark web, including mental health data

Medibank CEO David Koczkar
Medibank CEO David Koczkar has again apologised to customers after more sensitive records were released on the dark web. Photograph: Morgan Hancock/AAP

Russian cybercriminals have released a fifth tranche of stolen data from the private health insurer Medibank, including the details of treatment for mental health.

The company’s chief executive, David Koczkar, on Sunday confirmed the hackers, who obtained the records of millions of current and former customers in a ransomware attack last month, had released the details on the dark web.

It comes after the company refused to pay a US$10m ransom to the hackers, who the Australian federal police have said are likely Russian cybercriminals.

The data was released in four folders containing about 1,500 patient records.

In a statement, Medibank confirmed the data included details on chronic conditions such as heart disease, as well as the patient details of people with cancer, dementia, mental health conditions and infections.

“Some of the people on the list have had diagnoses that include mental illnesses, or delirium, which is an acute change in mental status that can be triggered by illness, injury, surgery, or medications,” the company said in a statement.

“Delirium is a temporary condition that’s not uncommon in hospital, particularly for elderly people, as they become disoriented to their surroundings.”

In a statement, Koczkar said the company was still determining the accuracy of the latest data leak, which contained about 1,500 patient files. Of those, the company said 123 records had been released in previous tranches of data.

But some previously released data had not matched the company’s records, he said, and the company’s analysis of the latest patient records showed many did not match the descriptions posted by the hackers.

“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures,” Koczkar said.

“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data. We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.

“Again, I unreservedly apologise to our customers. We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.