The dark web blog which hackers were using to leak stolen Medibank Private data temporarily vanished last week, as Medibank continues to refuse a ransom pay-out.
After health insurer Medibank suffered one of the largest Australian data breaches of the year, the criminals behind the attack began slowly trickling out stolen customer data on a dark web blog they own.
The hackers first published a stolen subset of data in early November, and continued up until a 20 November release of about 1,500 patient records, which included sensitive information regarding mental health treatment and heart disease.
Shortly after this latest set of customer data was released, the dark web blog suddenly went offline without explanation some time between 21 and 22 November.
Before anyone could get their hopes up, however, it was found that the file server which holds the stolen Medibank customer data had remained online.
The leak site came back online a few days later; however, no new customer data has been published on it since.
The now-silent hackers originally demanded a $15m ransom pay-out (US$10m) for the stolen data, which Medibank has staunchly refused to pay.
This decision to forgo a ransom was backed by the Australian Government, and despite the continuous leaks appearing on the dark web, Medibank shows no signs of changing its stance.
"There is no doubt that rejecting the ransom demand was the right thing to do," said Medibank CEO David Koczkar.
"While we unreservedly apologise for the impact of the release of the data, we cannot, as a community, pay criminals who are likely to continue to extort us all – particularly when there is no guarantee that the criminal would ever delete the data.
"As I’ve said before, you cannot trust a criminal," said Koczkar.
Furthermore, despite conceding all Medibank customer data was accessed during the incident, Medibank recently confirmed only policyholder customers of its budget ahm brand have had private health data illegally released by the hackers behind this attack.
The health insurer also noted a sizable portion of the data released by the hackers was outright incorrect.
"The data that’s actually on the dark web is sometimes not accurate. It’s not complete," said Koczkar.
Whether the hackers will continue to leak data is unknown, but the threat of potential private data trading on the dark web remains prominent.
Among the records accessed during the Medibank data breach were Medicare and passport numbers, visa details, and a significant amount of health claims data including codes associated with diagnosis and the procedures administered.