'Scumbag' Medibank hackers start data post

Medibank has warned more customer data stolen by hackers, including passport numbers, will be uploaded to the dark web after the first files were dropped overnight.

The data trickle includes names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers and passport numbers for international student clients.

There are grave concerns digital criminals will exploit the data, which began appearing on a ransomware group's blog in the early hours of Wednesday under "good-list" and "naughty-list".

"The files appear to be a sample of the data that we earlier determined was accessed by the criminal," Medibank said on Wednesday.

"We expect the criminal to continue to release files on the dark web."

Medibank has promised to tell customers what data it believes has been stolen, if any of their data is included in the files on the dark web and give advice on what to do.

Cyber Security Minister Clare O'Neil labelled the hacking the "lowest of lows", noting that while only a small number of people's personal health information had been shared so far, that was likely to change.

"I cannot articulate the disgust I have for the scumbags who are at the heart of this criminal act," she told parliament.

"People are entitled to keep their health information private, even amongst ransomware attackers, the idea of releasing personal medical information of other people is considered beyond the pale."

Ms O'Neil said Australia's cyber security was five years behind where it needed to be and the government was working hard to rectify that.

The Australian Federal Police have expanded their joint initiative with state and territory police set up to investigate September's Optus data breach to also target the Medibank hack.

"Operation Guardian will be actively monitoring the clear, dark and deep web for the sale and distribution of Medibank Private and Optus data," AFP Assistant Commissioner Cyber Command Justine Gough said.

"This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared."

Medibank had rejected hacker demands it pay a ransom in return for the data not being released.

The ransomware group indicated in a post seen by AAP, it was releasing data bit by bit because of its complexity.

"Looking back that data is stored not very understandable format (table dumps) we'll take some time to sort it out," the post accompanying the lists said.

"We'll continue posting data partially, need some time to do it pretty."

The hackers also appeared to have released screenshots of private messages recently exchanged with Medibank representatives.

Medibank has previously confirmed that details of almost 500,000 health claims have been stolen along with personal information, after the unnamed group hacked into its system weeks ago.

Some 9.7 million current and former customers have been affected.

No credit card or banking details were accessed.

Deputy Liberal leader Sussan Ley called on the government to release money put aside by the former coalition to bolster business defence against hackers.

"Release the $60 million of funding we had put aside in grants that would go towards organisations to make them more resilient in the face of cyber attacks," she told reporters.

"We need a plan to address the concerns of everyday Australians, particularly when their sensitive health information has been leaked."