Security News > 2022 > November > Breached health insurer won't pay ransom to protect customers, warns of more attacks

Australian health insurer Medibank - which spent October discovering a security incident was worse than it first thought - has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers.

"Based on the extensive advice we have received from cyber crime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," CEO David Koczkar stated in a stock market filing published on Monday.

The update also revealed that Medibank believes "All of the customer data accessed could have been taken by the criminal" and recommends "Customers should remain vigilant as the criminal may publish customer data online or attempt to contact customers directly."

Which leaves the insurer not paying a ransom so the attackers don't go after customers directly, while also warning customers they're at risk of direct attack.

While credit card and banking details were not accessed, info describing medical services used by around half a million customers is out there somewhere.

The Australian national health scheme ID numbers of 2.8 million customers were also leaked.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/07/medibank_breach_n0_ransom_payment/