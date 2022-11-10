For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails Sign up to our free breaking news emails Please enter a valid email address Please enter a valid email address SIGN UP I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice Thanks for signing up to the

Hackers of Australia’s major healthcare company Medibank have started leaking clients’ sensitive medical records on the dark web after the insurance company refused to pay them ransom.

On Thursday, the hackers were demanding AUS$14m ransom ($10m) from Medibank to make it stop.

ABC News reported that the leaked Medibank data includes details of hundreds of those customers who might have terminated their pregnancies.

The hackers posted a file labelled “abortions” on a dark web blog that is linked to ransomware crime group REvil, which some experts say has links to Russia, and said they sought $10m from Medibank to prevent the leak of the data.

The data in the file is understood to include procedures claimed by a policyholder related to the termination of pregnancy, including non-viable pregnancy, ectopic pregnancy, molar pregnancy, miscarriages, and readmission for complications.

On Thursday, Medibank released a statement in which it said that “the criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from our systems. These are real people behind this data and the misuse of their data is disgraceful and may discourage them from seeking medical care”.

“Given the data’s sensitive nature, we’re asking the media and others to support our ongoing efforts to minimise harm to customers, and not to unnecessarily download sensitive personal data from the dark web and to refrain from contacting customers directly,” they said.

On Wednesday, the hackers posted details featuring a “naughty list” of names that appeared to have undergone treatment for drug addiction, alcohol abuse, and HIV.

Medibank has confirmed the details of almost 500,000 health claims that have been stolen, along with personal information, after the unnamed group hacked into its system weeks ago.

Meanwhile, David Koczkar, chief executive of Medibank, said in a statement that the release of the information was “disgraceful”.

“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.

“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community,” he said.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”

Australia’s cyber security minister Clare O’Neil told parliament that “the actions of the national coordination mechanism to prepare for what is taking place are extensive”.

She said that “it includes placing protective security around government data, state police working with affected individuals, the organisation of mental health support and counselling, and putting in place management plans around people who have some very specific vulnerabilities”.

Ms O’Neil also pledged that police would track down the “scumbags” behind the hack. “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming up to you.”

Addressing the parliament on Thursday, she said: “I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”

She said that she spoke twice with Mr Koczkar and made it “abundantly clear of the expectations of the Australian community about what this company owes to its customers given what has transpired here”.

During a media briefing on Wednesday, prime minister Anthony Albanese said: “This is really tough for people. I’m a Medibank private customer as well, and it will be of concern that some of this information has been put out there.”

On social media, women banded together to condemn the hackers’ release of sensitive medical information. One user wrote on Twitter: “The fact that the names and addresses of women who’ve had abortions were compromised in the Medibank data breach, in a separate file called ‘abortions’ is terrifying.”

Another user opined: “The Medibank medical data is only ‘embarrassing’ because we consider it such. The hackers would have nothing if we all could agree on one thing: reaching out for medical help is never embarrassing, whatever the problem. It’s the opposite — a sign of strength and overcoming.”

David Shoebridge from North South Wales wrote on Twitter: “Like millions of other Australians, my family was caught up in the Medibank breach & today we’re learning our personal data is on the dark web. Our worst data breach nightmares are playing out in real time, as our existing laws & data protection systems are no match for hackers.”