Ransomware hackers stole up to 200 gigabytes from Australian insurer Medibank, a data set that includes identifying information and medical diagnoses.
The company, Australia’s largest private health insurer with 3.9 million customers, has over the course of a week transformed from being confident that it repelled hackers to being apologetic after disclosing Thursday that the incident it first detected Oct. 12 is a data breach.
Medibank now says it’s been contacted by a criminal claiming to have taken 200 gigabytes worth of data from the company – sharing as proof records from 100 policies that contain information such as diagnostic codes, full names and addresses, and the location of medical service delivery.
The company says the hacker claims to also have obtained payment card data, but it hasn’t verified the claim’s veracity. Customer-facing systems remain online but may be temporarily disrupted by security operations.
