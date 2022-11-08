Those responsible for releasing the personal health information of millions of Australia have been described as "scumbags" and "disgraceful human beings" as the federal government grapples with the serious cyber attack against Medibank.
A ransomware group began posting client data stolen from Australia's largest health insurer on the dark web on Wednesday morning.
Hundreds of names, addresses, birthdates and Medicare details were being posted under "good-list" and "naughty-list" on a blog belonging to the group.
Speaking at an ANU National Security College event in Canberra on Wednesday morning, Home Affairs Minister Clare O'Neil described the attack as "disgusting".
"I don't have words to express the disgust I feel at crimes of this nature," she said.
"We went through [the] Optus [breach] recently where the things at risk were mainly financial, and you can replace a credit card and you can refund money to people who have it stolen from them.
"The fact that people's personal health information is being held over their head is just disgusting to me.
"They are just disgraceful human beings and we need to step up and do everything we can to fight back against them."
The government frontbencher said the government had activated the National Coordination Mechanism, the first time it's been used for a cyber attack, which has allowed government and the private sector to work together in order to solve the problem.
"It was set up to deal with the most difficult, intractable, urgent problems that were being experienced at that time," Ms O'Neil said.
"It is an unbelievably effective way for us to elevate the urgency of a problem across all levels of government and community and business and to bring together people who need to work together to solve a problem who may not used to be working together."
The hackers had demanded a ransom to stop them from releasing the data, but Medibank earlier this week said it would not pay it because it would encourage further crime.
Ms O'Neil added it was crucial for Australians to know that paying the ransom would not have prevented the situation from happening.
"What we see so often with these incidents is that companies, in desperation, pay a ransom and then the data is used to re-victimise and re-victimise, and re-victimise," she said.
"We cannot live in a world where people can do this sort of thing and benefit financially from it.
"This enables and empowers the very disgraceful human beings who are at the heart of this and we cannot allow that to happen."
Shortly after midnight, the ransomware attackers posted the first lists.
"Looking back that data is stored not very understandable format (table dumps) we'll take some time to sort it out," the attackers said in the early hours of Wednesday.
"We'll continue posting data partially, need some time to do it pretty."
The hackers also appeared to have revealed screenshots of private messages recently exchanged between themselves and Medibank representatives.
Medibank has previously confirmed almost 500,000 health claims were stolen, along with personal information, when the unnamed group hacked into its system weeks ago.
Some 9.7 million current and former customers have been affected.
No credit card or banking details were accessed.
- with AAP
I'm a federal politics and public sector reporter with an interest in national security, integrity and regulation. Contact me with general tips and thoughts at sarah.basfordcanales@canberratimes.com.au or confidential tips to sbasfordcanales@protonmail.com.
