Australian authorities have blamed Russia-based hackers for a cyberattack that exposed the personal information of private health insurance customers, including details of abortions and treatments for addiction and HIV.
Australian Federal Police (AFP) Commissioner Reece Kershaw said on Friday that a “group of loosely affiliated cybercriminals” linked to data breaches elsewhere was responsible for the cyberattack on Medicare.
Kershaw said that authorities know the identity of the individuals behind the cyberattack, which compromised data belonging to almost 10 million customers, but would not name them at this time.
“To the criminals, we know who you are and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” he said during a short news conference on Friday.
Kershaw said the AFP will be holding talks with Russian law enforcement about the individuals believed to be responsible.
Local media earlier linked the dark web forum used to post the hacked data to the crime group REvil, which Russian authorities said they shut down earlier this year at the request of the United States.
The hackers behind the leak have demanded a ransom of almost $10m to stop leaking Australians’ medical information.
Medibank, Australia’s largest private health insurer, has refused to pay the ransom, citing advice from cybercrime experts that doing so would not ensure the return of customers’ information and could put “more people in harm’s way by making Australia a bigger target”.
Beginning this week, the extortionists have posted sensitive medical information in tranches on a dark web forum.
The information has included details of clients’ abortions and treatments for addiction, mental illness and HIV.
The data leak, which first came to light last month, is the latest in a series of cyberattacks to rock Australia.
Optus, Australia’s second-largest telecom provider, said in September that up to 10 million customers’ data had been compromised in a cyberattack against the company.