The Australian government has used never-before-seen sanctions against a Russian for his alleged role in the 2022 cyber attack on Medibank.
Medibank halted trading in October 2022, after receiving ransom demands when more than 9.7 million Australian customers from the health insurer and some of its subsidiaries, including ahm, had their sensitive data breached in a “significant cybersecurity incident”.
Foreign Minister Penny Wong named cyber criminal Aleksandr Ermakov when she announced the sanctions this morning.
“It was an egregious violation. It impacted some of the most vulnerable members of the Australian community,” Wong told reporters in Canberra.
Have you been a victim of a cyber attack? Contact firstname.lastname@example.org
“The sanctions imposed are targeted financial sanctions and a travel ban,” she said.
The data accessed was that of “vulnerable” Australians and included dates of birth, Medicare numbers, and sensitive medical information, some of which was posted on the dark web.
“The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians," Wong said.
“The Albanese government will continue to hold cyber criminals to account."
The Australian Signals Directorate and the Australian Federal Police have been investigating the breach over the past 18 months. The government said the sanction used made it a criminal offence, punishable by up to 10 years' imprisonment and heavy fines, to provide assets to Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.
Home Affairs Minister Clare O'Neil called the cyber criminals "cowards and scumbags who hide behind technology".
"This is a very important day for cyber security in our country," O'Neill added.
The lead applicant of a class action lawsuit over the breach, who did not want his name disclosed, was a customer of ahm. He said he was confident in selecting the insurer when he found out the brand was owned by reputable company Medibank.
“I feel really exposed and unsettled knowing personal information of mine is out there, and there’s nothing I can do about it,” he said.
What information was stolen in Medibank hack?
Between November 9, 2022 and December 1, 2022, Medibank revealed that stolen customer information was progressively released on the internet, including information about customers who were diagnosed with HIV, had received treatment for drug and alcohol addiction and treatment for mental health issues.
At least 9.7 million Medibank customers had personal information - such as names, dates of birth, addresses, phone numbers and email addresses - posted online.
Medicare card numbers of at least 2.8 million Medibank customers were also released, along with health-claims data of at least 480,000 customers. Passport numbers and country of issue, verbal-identification passwords, employers, employee ID numbers and visa details were among an unknown amount of other customer information that was compromised.
What should I do if I am being held to ransom?
The Australian government discourages businesses and individuals from paying ransoms or extortion claims to cyber criminals. If you are asked to pay a ransom you should:
Call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) for cyber security assistance; and
Report the cybercrime, incident or vulnerability to the Australian Signals Directorate at https://www.cyber.gov.au/report