After attacking a major healthcare provider in Australia earlier this year, cybercriminals dumped a large selection of data to the internet this week, including customers’ personal health information. The leak reportedly includes sensitive documents related to some patients’ medical procedures, including pregnancies and abortions.
The victim, health insurance giant Medibank, was compromised by ransomware hackers earlier this year. The gang asked the company for a ransom of nearly $10 million, but the company refused. After negotiations broke down, the criminals began publishing portions of the stolen data to the internet this week, including information about the company’s customers.
On the hackers’ website, a file dubbed “abortions” was posted alongside other leaked health information on Thursday night. The Guardian reports that the file is said to include information on “procedures claimed by a policyholder related to the termination of pregnancy, including non-viable pregnancy, ectopic pregnancy, molar pregnancy, miscarriages, and readmission for complications.”
Motherboard reports that documents leaked on these and other patients have included sensitive information, including “patients’ home addresses, phone numbers, and passport numbers, as well as details about health conditions such as alcohol abuse, anxiety, cannabis dependence and opioid addictions.”
The group responsible for this ethically heinous leak has been dubbed “BlogXX” by threat researchers. Police in Australia claim the group may be connected to REvil, a well-known Russian-speaking ransomware gang that is thought to be defunct. Why exactly REvil is suspected of involvement isn’t clear.
Clare O’Neil, Australia’s minister for home affairs, said Wednesday that police were working to find those responsible. “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming after you,” she said. “I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
O’Neil also said that her office had been in conversation with Medibank and that the company had agreed to provide support services to those affected by the breach. “The expectation of Australians is that support will be there when they need it,” she said. “That is why we requested that Medibank operate a one-stop-shop model, to assist citizens in accessing the support that has been made available across Medibank, the civil sector and state and federal governments.”
The gang suspected to be “behind” the attack, REvil, has a prolific track record but is thought to have been dismantled by the Russian Federal Security Service in January. The gang previously took credit for a number of large ransomware attacks, including a sophisticated supply chain attack on the software company Kaseya that managed to infect well over a thousand companies.