In a move that will horrify healthcare companies, the Russian hackers responsible for the Medibank cyberattack have begun posting the stolen data online with what appears to be a clear intent to embarrass individual patients.
The data includes names and home addresses, birth dates and Medicare details.
However, it also identifies some HIV-positive people and others with drug addictions or mental health issues. The decision to target vulnerable patients has been slammed by Medibank and political leaders.
"The files appear to be a sample of the data that we earlier determined was accessed by the criminal. We will continue to work around the clock to inform customers of what data we believe has been stolen and any of their data included in the files on the dark web and provide advice on what customers should do," said the company.
"We expect the criminal to continue to release files on the dark web," it said.
Medibank says it will not pay the ransom demanded by the hackers.
The company said it is working with the federal government, including the Australian Cyber Security Centre and the Australian Federal Police.
Medibank CEO David Koczkar said, “We unreservedly apologise to our customers. This is a criminal act designed to harm our customers and cause distress."
“We take seriously our responsibility to safeguard our customers and we stand ready to support them,” he said.
Home Affairs Minister Clare O'Neil described the attack as "disgusting".
"I don't have words to express the disgust I feel at crimes of this nature," she said.