A ransomware gang going by the name of BlogXX has claimed that it is behind the attack against Australian health insurance provider Medibank Private Limited.
Medibank is one of the largest private health insurance companies, covering around 4 million users.
The ransomware gang threatened that it would leak data allegedly stolen from Medibank’s systems within 24 hours. The gang has yet to reveal how much data it exfiltrated from Medibank’s network and hasn’t shared any proof to verify that the data has been leaked.
Medibank refuses to pay the ransom
Medibank did not specify which ransomware gang targeted the company, but it said in a press release that it had refused a ransom demand made by the attackers.
“Today, we’ve announced that no ransom payment will be made to the criminal responsible for this data theft,” Medibank said.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”
The health insurer added that paying the attackers would also likely motivate them to go after customers affected by the data breach.
Furthermore, a ransom payment will encourage others to attack Australian organizations, putting more people at risk.
“There is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” the company added. “This decision is consistent with the position of the Australian Government.”
Millions of users might be impacted due to this data leak
The ransomware gang starts leaking the allegedly stolen data to back its claims and to try to force Medibank's hand into negotiating a deal. The company revealed that the attackers gained access to sensitive information belonging to millions of customers. Initially, Medibank denied claims of a data leak and of access by the attackers.
The complete rundown of data Medibank believes was exposed in the breach includes the following:
- Name, date of birth, address, phone number, and email address for approximately 9.7 million current and former customers and authorized representatives
- Medicare numbers (but not expiry dates) for ahm health insurance (ahm) customers
- Passport numbers (but not expiry dates) and visa details for international student customers
- Health claims data for roughly 480,000 Medibank, ahm, and international customers
- Health provider details, including names, provider numbers, and addresses
Medibank added that it also believes the cybercriminals behind the October attack have not gained access to financial information (credit card and banking details), primary identity documents (e.g., driver’s licenses), or health claims data for extras services (like dental, physio, optical and psychology).
“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal,” Medibank