It has been reported that Medibank Private Ltd, Australia’s biggest health insurer, on Monday said no ransom payment will be made to the criminal responsible for a recent data theft, wherein around 9.7 million current and former customers’ data was compromised. Highlighting findings of the firm’s investigation to date, Medibank confirmed that name, date of birth, address, phone number, and email addresses for around 9.7 million current and former customers were accessed in the data theft.
Medibank is correct in saying that paying the ransom will not ensure that the bad actors responsible would return or avoid publishing the customer data it stole. However, this also means that customers are at an increased risk of having their personal info exposed or used by other bad actors. While Medibank did warn its customers to be “vigilant as the criminal may leak the data online or attempt to contact customers directly,” it did not offer any assistance to said customers, such as offering credit monitoring or similar protective services. In my opinion, this is inexcusable. While I am not familiar with how health insurance works in Australia, If I were a Medibank customer, I’d look elsewhere for my health coverage.
According to the data collated through our Worldwide Ransomware Tracker, just less than 18 percent of ransom demands have been paid (where companies confirm whether or not they have paid). However, companies are far more likely to confirm they haven’t paid than if they have as many feel admitting to paying ransoms leaves them exposed to future attacks. Companies may feel they have no choice but to pay a ransom if their systems are crippled by the attack and they are forced offline for an indefinite period of time. Fortunately, Medibank’s systems seem to have been largely unaffected by the attack which may have helped in the decision not to pay the ransom.
However, choosing not to pay often results in stolen data being published for sale on the dark web/hacker’s forums. In the case of Medibank, this could mean that the data of nearly 10 million customers will be exposed by the hackers. Medibank may then face the cost of offering identity theft protection services for its customers. This cost, alongside other mediation efforts, could exceed the ransom demand from the hackers. The amount demanded from Medibank is still unknown but, according to our latest data, the average ransom demand for 2022 is $6.26 million.
However, as Medibank states, paying a ransom does not guarantee that the data will be destroyed and/or customer records will not be exploited.
If we’ve learned anything about the global ransomware economy over the past few years, it’s that you can’t pay your way out of the problem. My heart goes out to Medibank and every company in Australia and around the world that has been victimised by gutless and soulless cyber criminals profiting off the backs of companies; and to consumers that are often swept up into the drama when an organisation’s proprietary data is stolen. Medibank has clearly engaged many stakeholders in the process of restoring its own services and I’m praying the impact on their customers is minimal as you can’t overlook the fact that proprietary information on nearly 10 millions customers has been exposed.
Today, it is important not to bayonet the wounded as Medibank and many other companies have talented and dedicated security professionals working around the clock to prevent these incidents. Start getting security right and to close the expanding digital footprint as much as possible to limit the ability of criminals to gain a foothold in your organisation. Ransomware can be defeated. In fact, many organisations prepare in peacetime and run tabletop exercises to identify weak points in their network. Also, the right way for businesses to operate is by assessing risk with trusted agents on a regular basis, then to look at mitigating risks with customers, partners and vendors. Also, every organisation should be deploying endpoint detection & response software across their endpoints and cloud environments as it’s one of the best ways to stop ransomware.