Monday, 28 Nov 2022

Medibank cyber-attack: should the health insurer pay a ransom for its customers data?

Medibank cyber-attack: should the health insurer pay a ransom for its customers data?


Medibank cyber-attack: should the health insurer pay a ransom for its customers data?

Two weeks after the Medibank cyber-attack, the question that remains unanswered is: will the company pay a ransom?

Medibank said it has determined through communications with the alleged hacker that data on all of the company's 3.9 million customers has been exposed. The records include personal information like names, dates of birth, addresses, and gender identities, as well as Medicare numbers and health claims.

The hacker claimed to have extracted about 200GB of files, and has provided 1,000 records to the insurer to prove they have the data claimed.

Beyond these details, Medibank has been tight-lipped about its communications with the hacker. It has not responded to questions about whether it has or will pay a ransom to prevent the release of the data online, or the sale of the data to a third party.

Richard Buckland, a professor of cybercrime at UNSW, said the Medibank case was one of the few where a company should pay the ransom.

"This would be one of the very rare cases where I think the costs of not paying are so extraordinarily high that it would probably justify the cost of paying," he told Guardian Australia.

"This is causing harm to innocent people who had nothing to do with the incompetence of the organisation in looking after the data. They were forced to hand that data across and that collateral damage, I think, is what makes this different."

you may also like

Los Cabos Launches Loyalty Program to Reward Travel Advisors
  • by travelpulse
  • descember 09, 2016
Los Cabos Launches Loyalty Program to Reward Travel Advisors

The Los Cabos Tourism Board introduced its new Loyalty Program, which allows travel advisors to earn redeemable rewards points for each guest night they book in the destination.

read more