Hackers who stole customer data from Australia’s largest health insurer Medibank have released a file of abortion records under the insurer.
Medibank urged the public to not seek out the files, which contain the names of policy holders rather than patients after refusing to pay a ransom for the data.
The Australian government has also defended the company’s decision to not pay the ransom.
In September, Australia’s second-largest telecommunications firm Optus was also targeted for extortion, after the personal data of about 10 million customers was stolen in what the company called a cyber-attack.
“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”
The hackers this week published their first information after Medibank refused to pay a $10m (£8.7m; A$15.6m) ransom – about $1 for every customer.
Screenshots of WhatsApp messages suggest that the ransomware group also plans to leak “keys for decrypting credit cards” despite Medibank’s assertion that no banking or credit card details were accessed.
“Based on our investigation to date into this cybercrime we currently believe the criminal did not access credit card and banking details,” Medibank spokesperson Liz Green stated.
The cybercriminal gang behind the Medicare ransomware attack, whose identities are not known but has relied on a variant of REvil’s file-encrypting malware, has so far leaked the personal details of around two hundred Medibank customers, a fraction of the data that the group claims to have stolen.
Medibank has apologized for what it has called the “malicious weaponization” of private information.