Login
iscover
UPDATED: Investigations by the health insurer have revealed the cyber hack accessed vast amounts of personal and health data.
Newsletter
Medibank breach could compromise up to 4 million
26 October 2022
•
10 minute read
Information on up to 4 million Medibank customers could have been accessed by cyber criminals in the recent hack with the health fund’s investigation revealing the breach was more widespread than initially thought.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Australia’s largest health insurer confirmed yesterday that “significant amounts” of personal and health data had been accessed or removed, including:
- All ahm customers’ personal data and significant amounts of health claims data.
- All international student customers’ personal data and significant amounts of health claims data.
- All Medibank customers’ personal data and significant amounts of health claims data.
“We expect that the number of affected customers could grow substantially,” Medibank said.
“Our priority is to continue working to understand the specific data that has been taken for each of our customers so that we can contact them directly to let them know.”
Medibank said its IT systems had not been encrypted by ransomware and it expected the breach to cost $25 million to $35 million.
Medibank shares, which resumed trading yesterday following suspension last week, had plummeted 18 per cent by the end of the day to $2.87.
The marketing manager of cyber security specialist Eftsure, Niek Dekker, said the absence of dark web activity over the Medibank hack was in contrast to the amateurish ransom demands made in the wake of the Optus breach.
“These criminals that did it now will be a lot more careful not to draw too much attention after they got the data … let it all cool off a bit and then sell their data.”
CPA Australia senior policy manager Gavan Ord said the fact that one cyber incident could impact so many people was an unfortunate sign of the times.
“If big corporates are finding cybersecurity tough to manage, it's fair to say small and medium businesses will be struggling too,” he said.
“Businesses need to recognise the risks and take steps to mitigate them. Every company needs to protect their customers’ information and have a plan in place in case they experience a data breach.”
Earlier in the week, the insurer rolled out a support package that includes financial support, reimbursement of fees for replacement documents and monitoring for those customers whose primary ID has been compromised.
Medibank said it was working with Australia’s banks and relevant government departments to help them take additional steps to increase monitoring of affected customer accounts.
Initially Medibank said no data had been removed in the October 12 breach, but the hackers have claimed to have sent customer information, including addresses and Medicare numbers, to support a ransom demand.
With 3.8 million customers and a requirement to keep records of previous customers for 25 years, more than 4 million people could be affected.
Medibank CEO David Koczkar apologised to customers and said it was deferring premium increases until January.
“As we continue to uncover the breadth and gravity of this crime, we recognise that these developments will be distressing for our customers, our people and the community – as it is to me,” Mr Koczkar said.
“We stand ready to support our customers with identity, financial hardship and mental health support.
“We recognise the distress that this is causing our customers, which is why we are deferring premium increases for our customers until 16 January 2023.”
You need to be a member to post comments. Become a member for free today!
