Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Leak Australian Health Records on Dark Web

Hackers on Wednesday began leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister, after the firm refused to pay a ransom.

Hackers on Wednesday began leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister, after the firm refused to pay a ransom.

Medibank told investors that a “sample” of data from some 9.7 million clients had been posted on a “dark web forum” — and that more leaks were likely. 

Sensitive records were posted anonymously in the early hours of Wednesday and included names, birth dates, passport numbers and information on medical claims for hundreds of customers.

The victims were separated into a “naughty” list and a “nice” list. 

Some on the “naughty” list had numeric codes that appeared to link them to drug addiction, alcohol abuse and HIV.

For example, one record carried an entry that read: “p_diag: F122”. 

F122 corresponds with “cannabis dependence” under the International Classification of Diseases, published by the World Health Organisation.

Prime Minister Anthony Albanese, himself a Medibank customer, said the attack was a “wake-up call” for corporate Australia.

“I am a Medibank Private customer as well and it will be of concern that some of this information has been put out there,” he said.

The leaked data was posted on a dark web forum that cannot be found using conventional web browsers.

Medibank — which provides private health insurance to Australians wishing to supplement universal public healthcare — informed the Australian Securities Exchange about the leak shortly before the market opened. 

“The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” the company said in a statement.

“We expect the criminal to continue to release files on the dark web.” 

The hackers were following through on an earlier threat to publish the data unless Medibank paid an undisclosed ransom. 

“P.S I recommend to sell Medibank stocks,” the purported hackers wrote on the forum about 24 hours before the first batch of data was released. 

With the political backing of Australia’s federal government, Medibank on Tuesday refused the demand — instead warning customers to remain “vigilant”. 

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank boss David Koczkar said. 

– ‘Scumbags’ and ‘crooks’ –

The group also uploaded what they said were a series of exchanges between themselves and Medibank representatives.  

“We will do everything in our power to inflict as much damage as possible for you, both financial and reputational,” one message read. 

The security breach has already wiped hundreds of millions of US dollars off Medibank’s market value, with the company’s share price down over 20 percent since October, when news of the leak first emerged. 

AFP Assistant Commissioner Cyber Command Justine Gough said the “criminal or criminal groups” responsible for the hack could be operating outside of Australia. 

Australia’s assistant treasurer Stephen Jones said they were “scumbags” and “crooks”. 

“We shouldn’t be giving in to these fraudsters,” he told Sky News Australia. 

“The moment we fold, it sends a green light to scumbags like them throughout the world that Australia is a soft target.” 

As Medibank scrambles to contain the leak, it is also staring down the barrel of a potentially-costly class action lawsuit. 

Two law firms said Tuesday they had joined forces to investigate whether Medibank had breached its obligations to customers under the country’s Privacy Act.

The Medibank hack followed an attack on telecom company Optus in September that exposed the personal information of some nine million Australians.

Related: Medibank Confirms Data Breach Impacts 9.7 Million Customers

Related: New Malware Samples Indicate Return of REvil Ransomware 

Related: Australia Flags New Corporate Penalties for Privacy Breaches

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...