Hackers demand $10M to stop Australia health record leaks

Cybercriminals who accessed information belonging to some 9.7 million current and former clients of Medibank — the largest private health insurer — demand a dollar for each victim.

The hack is likely to include some of the country's most influential and wealthy individuals.
Reuters Archive

The hack is likely to include some of the country's most influential and wealthy individuals.

Hackers leaking medical records stolen from a major Australian healthcare company have demanded $10 million to stop the leaks, about a dollar for each of their potential victims.

Medibank earlier this week confirmed the hackers had accessed information belonging to 9.7 million current and former clients, including Prime Minister Anthony Albanese.

A small sample of records posted by the hackers early on Wednesday featured a "naughty list" of names that appeared to have undergone treatment for drug addiction, alcohol abuse and HIV.

Medibank on Thursday confirmed an "additional file" believed to contain customer data was uploaded to a "dark web" forum overnight.

The hackers used the same forum to detail their ransom demand.

"Society ask us about ransom, it's 10 million USD," the anonymous hackers posted on the forum.

"We can make discount... $1 = 1 customer."

Medibank has repeatedly refused to pay the hackers.

READ MORE: Hackers leak health records of millions of Australians

'Scummy criminals'

"The release of this stolen data on the dark web is disgraceful," chief executive David Koczkar said on Thursday.

"The weaponisation of people's private information in an effort to extort payment is malicious and it is an attack on the most vulnerable members of our community".

Home Affairs Minister Clare O'Neil has described the hackers as "scummy criminals".

"I cannot articulate the disgust I have for the scumbags who are at the heart of this criminal act," she told parliament on Wednesday.

Medibank is Australia's largest private health insurer and the hack is likely to include some of the country's most influential and wealthy individuals.

The hackers had previously threatened to sell the data of 1,000 high-profile Australians if the company did not pay an undisclosed ransom.

The "sample" selection of customer data posted to the dark web on Wednesday included names, birth dates, passport numbers and information on medical claims for hundreds of customers.

READ MORE: Cybercriminal hacks data of all customers: Australian health insurer

Route 6