• Audio
  • Live tv
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Service
Sunday, May 28, 2023
Morning News
No Result
View All Result
  • Login
  • Home
  • News
    • Local
    • National
    • World
  • Markets
  • Economy
  • Crypto
  • Real Estate
  • Sports
  • Entertainment
  • Health
  • Tech
    • Automotive
    • Business
    • Computer Sciences
    • Consumer & Gadgets
    • Electronics & Semiconductors
    • Energy & Green Tech
    • Engineering
    • Hi Tech & Innovation
    • Machine learning & AI
    • Security
    • Hardware
    • Internet
    • Robotics
    • Software
    • Telecom
  • Lifestyle
    • Fashion
    • Travel
    • Canadian immigration
  • App
    • audio
    • live tv
  • Home
  • News
    • Local
    • National
    • World
  • Markets
  • Economy
  • Crypto
  • Real Estate
  • Sports
  • Entertainment
  • Health
  • Tech
    • Automotive
    • Business
    • Computer Sciences
    • Consumer & Gadgets
    • Electronics & Semiconductors
    • Energy & Green Tech
    • Engineering
    • Hi Tech & Innovation
    • Machine learning & AI
    • Security
    • Hardware
    • Internet
    • Robotics
    • Software
    • Telecom
  • Lifestyle
    • Fashion
    • Travel
    • Canadian immigration
  • App
    • audio
    • live tv
No Result
View All Result
Morning News
No Result
View All Result
Home Tech Business

Medibank won’t pay hackers ransom. Is it the right choice?

author by author
November 8, 2022
in Business, Security
Reading Time: 4 mins read
0 0
A A
0
0
SHARES
12
VIEWS
Share on FacebookShare on TwitterLinkedinReddit
Medibank won't pay hackers ransom. Is it the right choice?
Credit: Shutterstock

Medibank is still refusing to pay a ransom of an undisclosed amount to cybercriminals, despite the hackers now allegedly threatening to release the stolen data on the dark web.

It’s reported the data of about 9.7 million current and former Medibank customers were compromised in a breach first confirmed by Medibank on October 13.

The data are said to include customers’ names, dates of birth, addresses, phone numbers and email addresses—as well as some 500,000 health claims with information such as patients’ service provider details, where they received medical services and the types of treatments they claimed.

Medibank’s chief executive has said the company won’t be paying up—a decision endorsed by Home Affairs Minister Clare O’Neil. But what does the evidence say?

How were the data stolen?

According to various reports, it all started when a hacker compromised the credentials of a Medibank employee who had access to a number of the company’s data repositories. It’s unclear whether the employee would have needed multifactor authentication to access these data—and, if so, whether this was also compromised.

It’s believed this hacker then sold the employee’s credentials to notorious cybercriminal group REvil via an online Russian language forum. Around midnight, REvil posted on the dark web threatening it would release the data in the next 24 hours should the ransom not be paid.

While there’s no evidence REvil does indeed have access to the stolen data, historically the REvil group has not been found to bluff. There’s no reason to believe this time is different.

Medibank first identified unusual activity on its network on October 12. It then launched a follow-up investigation that confirmed the breach. We don’t know how long the cybercriminals may have had access to its systems before then.

It’s reported they stole some 200GB of data in total. This is quite a large amount, and it would be unusual not to notice the exportation of this much sensitive data.

In this case, however, it seems the criminals used some sort of compression algorithm to minimize the data file size. This may have allowed the data extraction to be less obvious, perhaps also through splitting the data into smaller data packages.

To pay or not to pay?

Medibank chief executive David Koczkar has said the ransom request would not be paid, and “making any payment would increase the risk of extortion for our customers, and put more Australians at risk”. He said the decision is consistent with advice from cybersecurity experts and the Australian government.

This is, in fact, a smart decision. Even if the ransom is paid, it does not guarantee the cybercriminals will not use the stolen data for other malicious purposes, or won’t undertake further attacks against Medibank.

Law enforcement agencies across the world are against paying ransoms. However, there are life-threatening situations in a healthcare context, such as during remote surgery, when there may be no choice.

Cybercriminals take advantage of vulnerabilities in healthcare IT infrastructure—largely because there’s a higher chance of getting a ransom paid in healthcare than in any other sector.

Often, organizations targeted will have to pay a ransom to get back access to data and continue providing healthcare services. According to one recent report the majority of ransomware attack victims in healthcare end up paying the ransom.

As to why Medibank hasn’t disclosed the specific ransom amount, this is because this information could encourage other cybercriminals to aim for similar targets in future ransom events.

If the ransom were disclosed, and later had to be paid, Medibank’s reputation as an insurance provider would hit rock bottom. When Colonial Pipeline’s fuel pipeline infrastructure in the US was hit by a ransomware attack, the hefty ransom payment of US$4.4 million left a permanent scar on the operator’s reputation.

The risks as the situation unfolds

The risks for victims of the Medicare data breach must not be underestimated. This sensitive information could be used in various types of fraud. For example, hackers may call victims of the data breach pretending to be Medibank, and ask for a service charge to have their data safeguarded. Healthcare data can also be used for blackmail and fraudulent billing.

What’s more, hackers can identify the most vulnerable individuals among the list of victims and create customized attack vectors. For example, individuals with implanted devices (such as pacemakers) can be targeted with blackmail and threats to their life.

Beyond this, cybercriminals could also use victims’ personal information to conduct a number of other scams unrelated to Medibank or healthcare. After all, if you have someone’s details it’s much easier to pretend to be any organization or company with authority.

For those potentially affected by the Medicare data breach, the most important thing now is to remain vigilant about all types of online activity. You can start by replacing your passwords with more secure passphrases. You should also consider running a credit check to see if any suspicious activity has been conducted in your name.

Provided by
The Conversation

This article is republished from The Conversation under a Creative Commons license. Read the original article.The Conversation

Citation:
Medibank won’t pay hackers ransom. Is it the right choice? (2022, November 8)
retrieved 8 November 2022
from https://techxplore.com/news/2022-11-medibank-wont-hackers-ransom-choice.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Set of 5 Clipper-mate Pocket Combs 5" All Fine Teeth

Avalon Coconut Body Lotion, 7 Ounce, Coconut, 7 ounces, 7 oz

Medibank won't pay hackers ransom. Is it the right choice?
Credit: Shutterstock

Medibank is still refusing to pay a ransom of an undisclosed amount to cybercriminals, despite the hackers now allegedly threatening to release the stolen data on the dark web.

It’s reported the data of about 9.7 million current and former Medibank customers were compromised in a breach first confirmed by Medibank on October 13.

The data are said to include customers’ names, dates of birth, addresses, phone numbers and email addresses—as well as some 500,000 health claims with information such as patients’ service provider details, where they received medical services and the types of treatments they claimed.

Medibank’s chief executive has said the company won’t be paying up—a decision endorsed by Home Affairs Minister Clare O’Neil. But what does the evidence say?

How were the data stolen?

According to various reports, it all started when a hacker compromised the credentials of a Medibank employee who had access to a number of the company’s data repositories. It’s unclear whether the employee would have needed multifactor authentication to access these data—and, if so, whether this was also compromised.

It’s believed this hacker then sold the employee’s credentials to notorious cybercriminal group REvil via an online Russian language forum. Around midnight, REvil posted on the dark web threatening it would release the data in the next 24 hours should the ransom not be paid.

While there’s no evidence REvil does indeed have access to the stolen data, historically the REvil group has not been found to bluff. There’s no reason to believe this time is different.

Medibank first identified unusual activity on its network on October 12. It then launched a follow-up investigation that confirmed the breach. We don’t know how long the cybercriminals may have had access to its systems before then.

It’s reported they stole some 200GB of data in total. This is quite a large amount, and it would be unusual not to notice the exportation of this much sensitive data.

In this case, however, it seems the criminals used some sort of compression algorithm to minimize the data file size. This may have allowed the data extraction to be less obvious, perhaps also through splitting the data into smaller data packages.

To pay or not to pay?

Medibank chief executive David Koczkar has said the ransom request would not be paid, and “making any payment would increase the risk of extortion for our customers, and put more Australians at risk”. He said the decision is consistent with advice from cybersecurity experts and the Australian government.

This is, in fact, a smart decision. Even if the ransom is paid, it does not guarantee the cybercriminals will not use the stolen data for other malicious purposes, or won’t undertake further attacks against Medibank.

Law enforcement agencies across the world are against paying ransoms. However, there are life-threatening situations in a healthcare context, such as during remote surgery, when there may be no choice.

Cybercriminals take advantage of vulnerabilities in healthcare IT infrastructure—largely because there’s a higher chance of getting a ransom paid in healthcare than in any other sector.

Often, organizations targeted will have to pay a ransom to get back access to data and continue providing healthcare services. According to one recent report the majority of ransomware attack victims in healthcare end up paying the ransom.

As to why Medibank hasn’t disclosed the specific ransom amount, this is because this information could encourage other cybercriminals to aim for similar targets in future ransom events.

If the ransom were disclosed, and later had to be paid, Medibank’s reputation as an insurance provider would hit rock bottom. When Colonial Pipeline’s fuel pipeline infrastructure in the US was hit by a ransomware attack, the hefty ransom payment of US$4.4 million left a permanent scar on the operator’s reputation.

The risks as the situation unfolds

The risks for victims of the Medicare data breach must not be underestimated. This sensitive information could be used in various types of fraud. For example, hackers may call victims of the data breach pretending to be Medibank, and ask for a service charge to have their data safeguarded. Healthcare data can also be used for blackmail and fraudulent billing.

What’s more, hackers can identify the most vulnerable individuals among the list of victims and create customized attack vectors. For example, individuals with implanted devices (such as pacemakers) can be targeted with blackmail and threats to their life.

Beyond this, cybercriminals could also use victims’ personal information to conduct a number of other scams unrelated to Medibank or healthcare. After all, if you have someone’s details it’s much easier to pretend to be any organization or company with authority.

For those potentially affected by the Medicare data breach, the most important thing now is to remain vigilant about all types of online activity. You can start by replacing your passwords with more secure passphrases. You should also consider running a credit check to see if any suspicious activity has been conducted in your name.

Provided by
The Conversation

This article is republished from The Conversation under a Creative Commons license. Read the original article.The Conversation

Citation:
Medibank won’t pay hackers ransom. Is it the right choice? (2022, November 8)
retrieved 8 November 2022
from https://techxplore.com/news/2022-11-medibank-wont-hackers-ransom-choice.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Tags: health claimssensitive information
Previous Post

Amazon is bringing palm reading checkout stands to some Texas Whole Foods locations

Next Post

18-carat pink diamond reaps $28.8 million at Geneva auction

Related Posts

Business

Hundreds more tech, biotech layoffs hit Bay Area, Google real estate ally cuts jobs

May 27, 2023
11
Business

Google loses bid to move DOJ’s antitrust suit to NY from Virginia

May 27, 2023
12
Next Post
"The Fortune Pink"

18-carat pink diamond reaps $28.8 million at Geneva auction

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

POPULAR TODAY

World

Police: Boy shoots 2 administrators at Denver high school

by author
May 27, 2023
0
12

DENVER (AP) - A 17-year-old student shot and wounded two administrators at his Denver high school Wednesday as they searched...

How cars ‘waste’ two thirds of their fuel

May 28, 2023
12
Egypt

Egypt unveils recently discovered ancient workshops, tombs in Saqqara necropolis

May 28, 2023
12
Alabama quarterback Bryce Young gets a jersey from NFL Commissioner Roger Goodell after being chosen by Carolina Panthers with the first overall pick during the first round of the NFL football draft, Thursday, April 27, 2023, in Kansas City, Mo. (AP Photo/Jeff Roberson)

Panthers take Bryce Young at No. 1 overall in NFL draft

May 28, 2023
12

Toronto police trying to identify victim who was dumped unconscious on sidewalk from trunk of car

May 28, 2023
12

POPULAR NEWS

Dutch government to restrict sales of processor chip tech

May 15, 2023
33
Here’s what happens to NFTs when you die: Nifty Newsletter, April 12–18

Here’s what happens to NFTs when you die: Nifty Newsletter, April 12–18

May 19, 2023
31

Loans decline after SVB failure, Fed’s Beige Book finds, and add to stress on the economy

May 19, 2023
27
Several travel industry groups said that a travel advisory for Florida issued by the NAACP could harm small businesses in the state, specifically Black-owned ones.

Travel groups say NAACP’s Florida advisory misses the mark

May 23, 2023
22
Paul Edmonds (center) with two healthcare providers from City of Hope.

How a Breakthrough Treatment Helped ‘Cure’ This Man of HIV

May 23, 2023
18

EDITOR'S PICK

Manhattan DA
World

Trump grand jury turns to other matters, done for the week

by author
May 28, 2023
0
11

NEW YORK (AP) - The Manhattan grand jury investigating Donald Trump over hush money payments turned to other matters on...

Read more

20 years after U.S. invasion, young Iraqis see signs of hope

Advocates urge provinces to follow Quebec’s lead in crackdown on illegal Airbnbs

$1.12B in Bitcoin options expire this week, and bulls appear to be at a disadvantage

Meta working on potential Twitter rival

Morning News

Welcome to our Ads

Create ads focused on the objectives most important to your business Please contact us info@morns.ca

PBMIY 3 in 1 15W Foldable Fast Wireless Charger Stand Compatible with iPhone 13/12/11Pro/Max/XR/XS Max/X

Modern Nightstand Bedside Desk Lamp Set of 2 for Bedroom, Living Room,Office, Dorm, Gold

Backup Camera for Car HD 1080P 4.3 Inch Monitor Rear View System Reverse Cam Kit Truck SUV Minivan Easy Installation

OPI Natural Nail Base Coat, Nail Polish Base Coat, 0.5 fl oz

  • Home
  • Audio
  • Live tv
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Service

© 2022 Morning News - morns.ca by morns.ca.

No Result
View All Result
  • Home
  • News
    • Local
    • National
    • World
  • Markets
  • Economy
  • Crypto
  • Real Estate
  • Sports
  • Entertainment
  • Health
  • Tech
    • Automotive
    • Business
    • Computer Sciences
    • Consumer & Gadgets
    • Electronics & Semiconductors
    • Energy & Green Tech
    • Engineering
    • Hi Tech & Innovation
    • Machine learning & AI
    • Security
    • Hardware
    • Internet
    • Robotics
    • Software
    • Telecom
  • Lifestyle
    • Fashion
    • Travel
    • Canadian immigration
  • App
    • audio
    • live tv
  • Login

© 2022 Morning News - morns.ca by morns.ca.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version