Search This Blog

Abortion Data of Medibank Patient’s Leaked on the Dark Web

The data was leaked after health insurer refused to pay the ransom.


Threat actors who siphoned customer data from Australia's largest health insurer Medibank last month have released sensitive details of patients' medical diagnoses and procedures, including abortions, onto the dark web. 

The ransomware group also disclosed they allegedly demanded a $US1 ($1.60) per customer ransom from the health insurer but Medibank refused to pay ransom for the data, a decision supported by the Australian government. 

"Added one more file abortions.csv ...," read a post on the blog. "Society asks us about ransom, it's a 10 million USD (A$15.5 million). We can make a discount 9.7m (A$15 million) 1$ (A$1.60) =1 customer." 

The file reportedly contained a spreadsheet with 303 customers' details alongside billing codes related to pregnancy terminations, including non-viable pregnancy, miscarriage, and ectopic pregnancy. 

Day after the data leak, minister for cyber security Clare O'Neil described the leak of the patients’ data as "morally reprehensible". 

"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time," she said. I want you to know that as a parliament and as a government, we stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal." 

Meanwhile, David Koczkaro, CEO at Medibank requested the public to not seek out the files, which contain the names of policyholders rather than patients. 

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he said. Koczkaro also apologized for what he called the "malicious weaponization" of personal data. 

Additionally, the Australian government has defended the insurer's decision to not pay the ransom. Both have warned that more releases of customer information are expected. Prime Minister Anthony Albanese has said that he is also a Medibank customer. 

The Medibank hack follows a string of unrelated cyber assaults against Australian organizations in recent weeks and months, as customer data have come under siege from hackers. 

Earlier this year in September, Australia's second-largest telecommunications firm Optus was also targeted for extortion, after the private information of nearly 10 million customers was siphoned in what the firm called a cyber-attack. The attackers also targeted supermarket chain Woolworths, and Australian Federal Police classified documents, which exposed agents working to stop international drug cartels.
Share it:

Abortion Data Leak


Data Breach

Data Leak

Health Insurer

User Privacy