The release of personal health data of millions of Australia could drag on for months, the minister has warned, as ransomware hackers began publishing stolen data on the dark web.
Subscribe now for unlimited access.
or signup to continue reading
Home Affairs Minister Clare O'Neil described the criminals behind the serious cyber attack against health insurer Medibank as "scumbags" and "disgraceful human beings" as the federal government grapples with how to solve the problem.
The ransomware group began posting client data stolen from Australia's largest health insurer on the dark web on Wednesday morning.
Hundreds of names, addresses, birthdates and Medicare details were being posted under "good-list" and "naughty-list" on a blog belonging to the group.
Speaking at an ANU National Security College event in Canberra on Wednesday morning, Ms O'Neil described the attack as "disgusting".
"I don't have words to express the disgust I feel at crimes of this nature," she said.
"They are just disgraceful human beings and we need to step up and do everything we can to fight back against them."
She reiterated the attack during Question Time, calling the cyber criminals "the lowest of the low", warning the situation may affect Australians for many months to come, "not days and hours".
"Even amongst ransomware attackers, the idea of releasing [the] personal medical information of other people is considered beyond the pale," she said.
The government frontbencher said she had activated the National Coordination Mechanism, the first time it's been used for a cyber attack, allowing the government and the private sector to work together in order to "solve the problem".
"It was set up to deal with the most difficult, intractable, urgent problems that were being experienced at that time," Ms O'Neil said.
"It is an unbelievably effective way for us to elevate the urgency of a problem across all levels of government and community and business and to bring together people who need to work together to solve a problem who may not used to be working together."
READ MORE:
The hackers had demanded a ransom to stop them from releasing the data, but Medibank earlier this week said it would not pay it because it would encourage further crime.
Ms O'Neil added it was crucial for Australians to know that paying the ransom would not have prevented the situation from happening.
"What we see so often with these incidents is that companies, in desperation, pay a ransom and then the data is used to re-victimise and re-victimise, and re-victimise," she said.
"We cannot live in a world where people can do this sort of thing and benefit financially from it.
"This enables and empowers the very disgraceful human beings who are at the heart of this and we cannot allow that to happen."
Shortly after midnight, the ransomware attackers posted the first lists.
"Looking back that data is stored not very understandable format (table dumps) we'll take some time to sort it out," the attackers said in the early hours of Wednesday.
"We'll continue posting data partially, need some time to do it pretty."
The hackers also appeared to have revealed screenshots of private messages recently exchanged between themselves and Medibank representatives.
Medibank has previously confirmed almost 500,000 health claims were stolen, along with personal information, when the unnamed group hacked into its system weeks ago.
Some 9.7 million current and former customers have been affected.
No credit card or banking details were accessed.
- with AAP