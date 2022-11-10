Home Secretary Clare O’Neil has tearfully vowed to hunt down and punish Medibank hackers in an emotional speech to Parliament.

Cybercriminals stole the medical data of 9.7 million private Medibank members and, after their ransom demands were denied, leaked some of it to the dark web.

The hackers claimed the released data included details of the women’s abortions and threatened to release more unless they were paid $9.7 million.

Ms O’Neil earlier warned that the leak was likely to get worse and, during Thursday’s Question Time, acknowledged that “those fears have come true”.

“I want to say, especially to women whose private health information has been compromised overnight, I know this is a really tough time,” she said.

“I want you to know that as a parliament and as a government we are on your side. You have the right to keep your health information private and what happened here is morally wrong and criminal.

Ms O’Neil became emotional as she spoke, her voice wavering and her eyes filled with rage and sadness at what Australian women can suffer.

“I want the scumbags behind this attack to know that the smartest, toughest people in this country are going after you,” she said.

The cybersecurity minister said Medicare would step in to help affected Australians replace their documents and give them any support they needed.

She said she spoke twice Thursday with Medibank chief executive David Koczkar to “clarify” community expectations.

“I don’t want Australians having to go around 14 government departments or areas of Medibank in order to get what they deserve and need,” she said.

“I received assurances from Medibank today that if a big data dump occurs they are fully prepared to provide services when and if needed to Australians who need them.”

Former cybersecurity minister Karen Andrews then posed a follow-up question asking what practical steps the government was taking “instead of just expressing sympathy”.

Ms O’Neil responded by tearing up her predecessor for trying to score political points in such a dire situation.

“It is so unfortunate that at a time like this the opposition wants to politicize the pain and suffering of Australians,” she replied.

“I’m really shocked. I’ve been an MP for nine years and usually at times like this we have a rare opportunity to come together as a parliament to help people.

“I just can’t believe people who are hurting, to whom personal information has been revealed, that you are trying to politicize this. I’m just really shocked.

Ms O’Neil then got personal with Ms Andrews, breaking her record as a minister under former Prime Minister Scott Morrison and accusing her of making the leak worse.

“This is an incredibly embarrassing question from someone who was cybersecurity minister five months ago. This problem did not start on May 22,” she said.

“I would say to those opposite, as I have said many times, that we are about five years behind where we need to be in cybersecurity.

“Do you know who the ministers have been for the past five years? He was the Home Secretary and he was the person who sits in the Leader of the Opposition’s chair (Peter Dutton was a minister before Mrs Andrews).

“We would like to work together with those opposite to solve what is an urgent national problem which is at the root of their creation.”

Ms O’Neil called on the opposition to help fight to make Australia better ‘whenever they are ready to stop shamelessly politicizing every issue in this parliament’, as she has been doing for the past decade.

The ransomware group started posting Medibank data on the dark web in the early hours of Wednesday morning under files named “good-list” and “naughty-list”.

The first wave included names, dates of birth, addresses, email addresses, phone numbers, health claims information, health insurance numbers for Medibank AHM customers and phone numbers. passport for international student customers.

Some of the data is said to contain the identity of women who have had abortions, fetal abnormalities, molar pregnancy, readmission for complications such as infection and miscarriages.

Medibank released an update to 9.7 million past and present customers on Thursday

The list of abortions also includes those who have had ectopic pregnancies where the embryo develops outside the uterus and must be terminated to save the mother.

Health insurance codes for cocaine addicts and people with mental health problems were also reportedly among the stolen data, along with 500,000 healthcare claims.

In a message posted on the dark web early Thursday, the hackers demanded $10 million ($15 million).

In a cheeky offer, the hackers also said Medibank could negotiate up to $9.7 million, or $1 for each affected customer.

The hackers threatened to continue publishing sensitive details of customers’ medical procedures.

“Adding another abortions.csv file…,” the message reads.

‘The company is asking us for a ransom, it’s 10 million dollars. We can make a discount of 9.7 million $1 = 1 customer.’

Mr Koczjar said the release of the data was shameful.

“The weaponization of people’s private information for the purpose of extorting payments is malicious and an attack on the most vulnerable members of our community,” he said.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking treatment.”

Hackers began leaking Medibank customers' medical histories and procedures, including abortions

The Australian Federal Police are stepping up efforts to catch those behind the massive data breach and are coordinating with state and territory police to support those at risk of identity theft.

Operation Guardian, which was set up to tackle the recent Optus hack, is being expanded to investigate the theft of Medibank data.

“If any members of the community believe they are at imminent risk, they should contact triple zero immediately,” AFP Assistant Commissioner for Cyber ​​Command Justine Gough told AFP.

Medibank has confirmed that the details of nearly 500,000 health claims were stolen, along with personal information, after the anonymous group hacked into its system weeks ago.

No credit card or bank details were consulted.