Medibank Private cyber incident

In October 2022, hackers targeted Medibank Private with a ransomware attack. This put 9.7 million people at risk of exploitation and fraud.

The hackers threatened to release sensitive medical records on the dark web. These records included personal medical histories, as well as Medicare, passport, and driver licence numbers.

Other companies and government agencies were overwhelmed as people rushed to secure their accounts and replace licences and passports. Individuals experienced a range of impacts, from inconvenience to anxiety about ongoing threats.

Medibank Private worked with the Australian Federal Police and upheld the Australian Government's policy of not paying ransoms to avoid encouraging future attacks. There was also no guarantee that paying the ransom would recover the data or prevent its release.

The Australian Federal Police identified the hackers as originating from Russia and collaborated with Interpol and Russian authorities to pursue them. The group, known as REvil, demanded a ransom of US$1 per affected customer, totalling US$9.7 million (A$15 million).

Initially a 'hacker for rent' service, REvil evolved to take direct action and was reported by Russian authorities to have disbanded in 2022. However, these attacks highlight the persistent threat from groups that can regroup or collaborate with others for future cyberattacks.

The Medibank Private incident shows that cybercriminals can operate from anywhere, making it extremely difficult to bring them to justice. It emphasises the need for vigilance in the face of an increasing threat environment.