Australia blames Russian hackers for medical data theft

Australia blames Russian hackers for medical data theft

Hackers are demanding US$10 million to stop leaking sensitive records they stole from Medibank, Australia's largest private health insurer
Hackers are demanding US$10 million to stop leaking sensitive records they stole from Medibank, Australia's largest private health insurer. Photo: SAEED KHAN / AFP/File
Source: AFP

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ find the “Recommended for you” block on the home page and enjoy!

Russian hackers carried out a cyberattack on a major Australian healthcare company that breached the data of 9.7 million people, including the country's prime minister, police said Friday.

The hackers started leaking the data earlier this week after Medibank -- the country's largest health insurer -- refused to pay a $9.7 million (Aus$15 million) ransom.

Australian Federal Police commissioner Reece Kershaw blamed the attack on Russia-based "cyber criminals".

"We believe those responsible for the breach are in Russia," he told reporters.

"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches across the world."

The hackers have been drip-feeding the stolen data to a dark web forum.

PAY ATTENTION: Never miss breaking news – join Briefly News' Telegram channel!

Read also

Hackers demand $10 mn for stolen Australian health records

The first leaks appeared to have been selected to cause maximum harm: targeting those who received treatment related to drug abuse, sexually transmitted infections, or pregnancy terminations.

Kershaw said it was a crime that could impact "millions of Australians".

"These cyber criminals are operating like a business with affiliates and associates who are supporting the business."

He added that Australian police would be working with Interpol and seeking the cooperation of their counterparts in Russia.

"We'll be holding talks with Russian law enforcement about these individuals," he said.

"Russia benefits from the intelligence sharing and data shared through Interpol and with that comes responsibilities and accountability."

Kershaw said police knew the identities of the hackers but he would not be naming them.

Cybersecurity analysts have suggested they could be linked to Russian hacker group REvil.

REvil -- an amalgam of ransomware and evil -- was reportedly dismantled by Russian authorities earlier this year, after extracting an $11 million ransom from JBS Foods, a major food conglomerate.

Read also

Germany blocks sale of two chipmakers to China

'Cover their tracks'

Australian National University cyber security expert Thomas Haines said tracking the hackers down was the easiest part for police.

"It's unusual for hackers to cover their tracks so well that you don't know where they came from," he told AFP.

"But there are certain areas of the world where the ability to apply any pressure is effectively zero."

Kershaw said Australian police were taking "covert measures" to bring the hackers to justice.

"To the criminals, you know we know who you are," he said.

"The Australian Federal Police has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system."

Home Affairs Minister Clare O'Neil on Thursday said the "smartest and toughest" people in Australia were hunting down the hackers.

In a taunting reply posted to the dark web early Friday morning, the hackers said: "We always keep our word."

Read also

Hackers leak Australian health records on dark web

"We should post this data, because nobody will believe us in the future."

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ find the “Recommended for you” block on the home page and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.