Police have confirmed a Russian network with global affiliates was behind the hacking of customer data held by Australia's largest health insurer Medibank.
"We believe those responsible for the breach are in Russia," Australian Federal Police commissioner Reece Kershaw told reporters in Canberra on Friday.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Some affiliates of the organisation may be operating in other countries.
Mr Kershaw said the crime had the potential to impact millions of Australians and damage a significant Australian business.
"This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing," Mr Kershaw said.
Mr Kershaw said talks would be held with Russian law enforcement about the individuals involved, who were known but would not be publicly named at this stage.
"Australians are angry, distressed and seeking answers about the highly sensitive and deeply personal information that is being released by criminals," he said.
He emphasised Russia benefited from the global sharing of intelligence through Interpol "and with that comes responsibilities and accountabilities".
Prime Minister Anthony Albanese earlier told reporters he was "disgusted by the perpetrators of this criminal act", as he authorised the AFP boss to disclose the information.
The hackers had thumbed their noses at the government after being warned the toughest "cyber guns" in Australia are coming after them, releasing more sensitive details of customers' medical records on the dark web overnight.
The ransomware group added a file named "Boozy.csv" to the dark web, which appears to contain information related to alcohol issues after a data dump on Thursday named "abortions.csv".
The group claimed on Thursday it had demanded a ransom of $US1 for each of Medibank's 9.7 million affected customers, for a total of $US9.7 million (almost $A15 million).
Medibank CEO David Koczkar said he expected the "disgraceful" release of customer data to continue each day.
"It's obvious the criminal is enjoying the notoriety," he said.
"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."
Home Affairs Minister Clare O'Neil said she felt the pain of those affected.
"There is an enormous amount of work that has gone into trying to stop harm resulting from this, trying to wrap our arms around the victims of this horrible crime," she told Nine's Today Show.
It's believed the hackers are using medical reference codes to sift through the data they stole to generate files on specific health issues.
The AFP and the Australian Signals Directorate were the "cyber guns" of the federal government and were working hard to disrupt the hackers, Ms O'Neil said.
The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers, and passport numbers for international student clients.
Almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.
Medibank has created a one-stop shop of mental health and other support services that can be accessed by affected customers via its website.
Lifeline 13 11 14
beyondblue 1300 22 4636