Good morning class,
I will be talking about the Australian health insurance company that was held for ransom in late 2022. In reading two articles about the incident, I have found there was no alternative motive from the hacker other than asking for $10 million to stop releasing the personal medical records of millions of customers to the public and the dark web. These records contained the customers' names, birthdates and passport numbers. The hacker also had records of high-profile customers who are suspected to be among Australian government lawmakers. The hacker had also made a claim stating they have information to decrypt and access customer credit cards. Medibank CEO David Koczkar had a conversation with the intruder in regard to the credit cards, claiming no credit card details have been accessed.
A month after the first article about the ransom attack was published on November 9, 2022, a second article from the same website was published on December 1, 2022. This second article stated that there haven't been any further threats to Medibank. Medibank refused to pay the ransom of $10 million, which then dropped to $9.7 million, and went on record to say, “We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.” The articles do not state who made the decision to not pay the ransom or the reasoning behind it; however, it is safe to assume it was the decision of Medibank CEO David Koczkar. Staying true to the definition of ethical, Medibank decided to not pay the ransom as there was no guarantee the customers' records would stop being released after potential payment. It is more of a logical reason to refuse payment of the ransom rather than a question of morals.
What could have prevented this attack is routinely updating the company's systems and software, implementing an intrusion detection system and ensuring the IT security team is trained on these systems and software. The absence of these preventative actions may very well be the cause of the cyber attack. Since the ransom attack, Medibank has added two-factor authentication to its software for customers, issued a cautionary warning about the attack and recommended ways for customers to keep their account information safe. What also happened was that the Office of the Australian Information Commissioner (OAIC) initiated an investigation into how Medibank handles its customers' personal records and whether the company has taken reasonable actions to prevent future cyber intrusions. This is important because Medibank can't be held financially liable for the number of cyber attacks the company has had as it could be seen as negligence for their cyber security.

– David Santana
References:
- Page, C. (2022, November 9). Medibank breach: Hackers start leaking health data after ransomware attack. TechCrunch. Retrieved April 24, 2023, from https://techcrunch.com/2022/11/09/medibank-ransomware-leak/
- Page, C. (2022, December 1). Medibank hackers declare ‘Case closed’ as trove of stolen data is released. TechCrunch. Retrieved April 24, 2023, from https://techcrunch.com/2022/12/01/medibank-case-closed-stolen-data-released/
- Center for Internet Security. (2021, July 15). 7 steps to help prevent & limit the impact of Ransomware. CIS. Retrieved April 24, 2023, from https://www.cisecurity.org/insights/blog/7-steps-to-help-prevent-limit-the-impact-of-ransomware