‘Vulnerable in many ways’: Hackers target high-profile drug and mental health patients in data leak

Medibank customers don’t know if their personal information is among what hackers leaked to the dark web overnight.

It appears that cybercriminals have published what they have called “naughty” and “nice” lists of people prominent among the leaked data.

The ABC understands from multiple reliable sources that the “naughty” list includes about a hundred people, many with known last names, who have undergone treatment for drug or alcohol use, or for mental health problems such as eating disorders.

Sam Biondo, executive director of the Victorian Alcohol and Drug Association, said the disclosure of such private information could do a lot of harm to those affected.

“This was extremely concerning given the stigma associated with people who have problems with alcohol or drugs,” he told ABC News.

“They are vulnerable in many ways, since they have sought help for a problem that they have.”

ABC has been told that the information now on the dark web also includes raw and extremely limited information for around 5 million Medibank customers.

Medibank has admitted that the data of 9.7 million previous and long-standing customers was breached when hackers gained access to a database of its three brands: Medibank, its budget brand ahm, and its international student arm, ohm.

Cybersecurity expert Troy Hunt said it’s clear hackers have released a lot of personal data.

“It appears to be legitimate,” he told ABC News.

“I just saw someone tweet that the information they found there about themselves was accurate.

  Australian Clinical Labs says data of 223,000 people hacked - ET HealthWorld

“I don’t know how many people are really affected by the data that has already been leaked. But several hundred megabytes of text is actually quite a lot of data.”

Medibank warned on Wednesday to expect more data leaks from cybercriminals as it continues to reject ransom demands.

‘Lack of communication’

Meanwhile, Medibank customers aren’t sure if any of their data is now in the public domain.

“Our team is working around the clock so that we can inform customers about their data that we believe has been stolen and remind them of available support,” Medibank CEO David Koczkar said on the social media platform LinkedIn.

“We have started analyzing the data posted on the dark web and will be contacting affected customers. This is a complex process and may take some time.”

However, former Medibank client Juliann Adriani is disappointed with the level of communication from the health insurer so far.

“What worries me a lot is the lack of communication, particularly with people who don’t have access to social media or email,” he told ABC News.

“My father is 81 years old and has not received a shred of correspondence from Medibank Private, despite being a valued customer for a long, long time.”

For Ms. Adriani, the lack of information has been very stressful, amid fears that she is vulnerable to identity theft as a result of the stolen data.

“A feeling of dread and fear of the unknown.”

Mohique Gajdhar is one of around 10 million Medibank customers whose personal information may have been posted online. (ABC News: John Gunn )

Mohique Gajdhar has no idea if his data has been published, has not been contacted directly by Medibank and is concerned about the possible publication of his health data.

“Because it’s a very private thing and it shouldn’t have been leaked and it can be misused,” Gajdhar said.

“What prescriptions I take, what doctors I’ve been to, any medical procedures I’ve had, all of that data could be leaked.”

  Laguna Health adds new role to build out custom patient engagement platform

Like other international students, he was required to obtain private health insurance to study in Australia.

.

Leave a Comment