Medibank prognosis gets worse after more stolen data leaked

Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. The miscreants, believed to be linked to Russia's REvil ransomware gang, posted what they claimed to be the rest of the exfiltrated data on Thursday, …

  1. An_Old_Dog Silver badge

    "sipped" data / financial fraud + data corruption

    ... sipped files in a folder called 'full' It's nice to know the miscreants only sipped the data.

    "is not sufficient to enable identity and financial fraud," according to Medibank's Thursday admission. Wrong-o. Financial fraud is possible with that data, albeit against the insurance companies. And data corruption is possible against the individual patients. Bad guy/gal shows up to a hospital, provides victim's medical record number, and, (a) gets "free" medical care; (b) corrupts the victim's medical records with details of the perpetrator's heart condition.

    1. Androgynous Cupboard Silver badge

      Re: "sipped" data / financial fraud + data corruption

      “How shall we profit from all this stolen data Dmitry?”

      “I don’t know about you Sergei, but I’m going to fly to Sydney and pretend to be someone else so I can get his hip replacement.”

  2. Anonymous Coward

    Meanwhile in the UK ...

    ... the Government gives our Confidential NHS Health Data away for free to foreign private companies [presumably in return for future employment once they're ejected from Office].

  3. sitta_europea Silver badge

    > Minister for Home Affairs and Cyber Security Clare O'Neil said the operation will "scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber-attacks, and disrupt their efforts."

    There are some people over here at Stirling Lines who can probably help.

  4. that one in the corner Silver badge

    Return of the data?

    > there is only a limited chance paying a ransom would ensure the return of our customers' data ...

    What? What does "returning" it mean?

    Was the data deleted from Medibank's system and they hope to restore it (corruption-free, of course!)? Haven't spotted where that was claimed.

    Maybe their data is like the EMH - apparently the Doctor's data can only exist on one host at a time...

    1. AVR

      Re: Return of the data?

      Assuming the crims encrypted the data in situ with ransomware then the latest data at least is gone as far as Medibank is concerned.

      1. that one in the corner Silver badge

        Re: Return of the data?

        I would agree, except that there is no evidence to validate that assumption in any of the reports on this story that I've found so far.

        In particular, please refer to the earlier Register article at https://www.theregister.com/2022/10/20/medibank_data_breach_worsens/ and the PDF it links to where Medibank describe the state of affairs: there is no mention in that of any loss or encryption of data.

    2. Anonymous Coward

      Re: Return of the data?

      No, it was just stolen. But of course, if a ransom was paid and the stolen data was "returned" it would magically delete itself from the miscreants' systems. Surely no criminal would keep a copy to extort them again?

    3. Phil Kingston

      Re: Return of the data?

      I couldn't comment one way or the other on if this is genuine, but the alleged communication between Medibank and the Hackers can be read at https://www.reddit.com/r/australia/comments/z9ckxe/email_correspondence_between_medibank_and_hackers/

  5. dunelm15

    Can be useful to collect these stories

    I tend to collect these types of stories for use in future project discussions. Sounds harsh, but having a real horror story can bring to life discussions on architecture, design and best security practices when you have some smart ass project manager briefing against you for trying to slow down a deliverable.

    Always ensure key stakeholders hear the message and, more importantly, that it is in the minutes that this was discussed in their presence.

    Doesn’t always work, but I reckon that I have prevented one or two cock-ups using this (I once used The Mars Climate Orbiter as an example of needing good data architecture that aligned common reference data).

  6. Anonymous Coward

    I think I've commented before that I worked as a contractor for Medibank some years ago (hence anonymous).

    It does not surprise me at all that this happened since Medibank had outsourced absolutely everything in its tech systems to a bewildering range of sub- and sub-sub-contractors. Even though everyone I worked with was professional and competent, we all went to work elsewhere taking all of that knowledge and overview with us. There was no institutional memory or oversight at all - I can't recall ever having actually met a bona fide Medibank employee.

    I will say that BUPA was even worse - so look for their name in the news very soon.

    And don't even ask me about DFAT.
