Russian Medibank hackers release information on another 1,500 patients

The Russian hackers responsible for the Medibank breach released another 1,496 records in its biggest data drop yet.

Cybercriminals uploaded four folders to the dark web labeling the files “sexually transmitted diseases”, “HIV”, “psycho” and “viral hepatitis” on Sunday.

The list contains information on people with chronic conditions such as heart disease and diabetes, people with cancer and dementia, while others have been diagnosed with mental illness.

This is the biggest data loss by hackers to date and brings the total number of records released to 2,700.

Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the information that was leaked.

The Russian hackers responsible for the Medibank breach have released information on another 1,500 patients (stock image)

Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the information that was leaked.

“Previous files released do not match our records,” he said.

“For example, we are halfway through the analysis of the list of “STDs” – so far there are no codes related to STDs.

“Anyone who downloads this data from the dark web, which is more complicated than searching for information on a public internet forum, and tries to profit from it is committing a crime.

Some 375 of the files included in the latest data drop were found not to match Medibank data.

“We will continue to support everyone who has been impacted by this crime through our Cyber Response Support Program,” Koczkar said.

“Once again, I unreservedly apologize to our customers.

“We remain committed to communicating fully and transparently with customers and will continue to reach out to customers whose data has been posted on the dark web.”

This is the fifth batch of information the hackers have uploaded after Australian authorities refused to comply with their demands and pay a $15 million ransom.

Some 9.7 million people are believed to have been hacked with personal information stolen by the cybercriminals.

Home Secretary Clare O’Neil said she would share Medibank customers’ frustrations with a lack of communication and transparency with the company.

Chairman Mike Wilkins defended his company’s handling of the cyberattack and its lackluster communication with shareholders and customers, saying the company will continue to be measured on how it responds.

Prime Minister Anthony Albanese said he was “disgusted” by the hackers’ actions

“We have always taken and continue to take our IT security very, very seriously,” he said in response to a shareholder’s question at the company’s annual general meeting on Wednesday.

“We believe our processes were robust, although clearly not robust enough under these circumstances.” And we’ll look to learn from that once we’ve completed this review.

Prime Minister Anthony Albanese said he was “disgusted” by the hackers’ actions.

“But the point is that the nation from which these attacks originated should also be held accountable for the…disclosure of information, including very private and personal information,” he said Nov. 11.

“I say to those grieving over this revelation: we stand with you at this time.”

The cyberattack overshadowed the health insurer’s strong operational performance.

Medibank chief executive David Koczkar said investigations were already underway to determine the accuracy of the information that was leaked.

The net number of resident policyholders was up 14,500 as of November 12 and its non-resident business saw customer growth of 14% in the September quarter.

The company expects the underlying net claims burden per resident policy unit to be flat at 2.3% for the full year and Mr Koczkar said the business remained strongly capitalized.

Medibank bosses will still win bonuses worth $7.3 million despite the massive data breach.

The cleanup bill following the data breach is expected to cost between $35 million and $150 million, but executives will still keep their bonuses.

Mr Wilkins said executive pay would not be reviewed until next year after an external review of the attack was completed.

“That’s something we’ll consider for the year 2023 once we get the full survey results,” Wilkins said.

Mr. Kockzar won bonuses worth $1.1 million in the last fiscal year, with his total salary amounting to $2.59 million.