App craze an attack risk
ACCC warning over health fund data honeypots
HEALTH insurers are creating honeypots of customer data via rewards schemes and wellness apps, heightening the risk of another Medibank-style cyber attack, Australia’s consumer watchdog warns.
A proliferation of smartphone apps and customer reward programs have rippled across the health insurance industry as funds seek to attract and retain policyholders.
But the Australian Competition and Consumer Commission has warned health insurers they must be “alive to the sensitive nature of the personal information they may be collecting and using”, particularly in the wake of the Medibank attack.
The regulator also warned that data harvested from wellness apps and rewards schemes could be used for other purposes – including health funds sharing or selling information to third parties.
“Insurers have continued to develop new schemes and build on existing programs which may allow them to access, use and, in some cases, share consumers’ personal information,” the ACCC said in a report to the Senate.
“A recent cybersecurity incident impacting Medibank also highlights the risks that arise when businesses collect large amounts of sensitive data. Insurers should weigh up these risks when considering new measures to collect consumer data, and should have sufficiently robust measures in place to protect against cybersecurity threats.”
Health and wellness has been pulled into focus as Covid-19 has up-ended the way we live, work and play.
Actor Chris Hemsworth’s Centr app has a valuation of $US200m ($A294.3m) after it was snapped up by HighPost Capital.
Meanwhile South Australia’s Kayla Itsines and Tobi Pearce sold their Sweat app to US software giant iFit Health & Fitness for $400m last year, and Richmond AFL star Dustin Martin has begun sharing his training and mindfulness tips via his own app, Drip.
Early in the pandemic, Bupa offered its members three months’ free access to former Bachelor star Sam Wood’s fitness program – with the aim of keeping people out of hospital and paying out expensive claims – and creating more customer value.
Medibank created its Live Better app in 2019 and so far has about 500,000 members. It also features a platform offering rewards to members who complete health initiatives.
But the amount of data companies collect and retain has been questioned after Russian hackers infiltrated Medibank’s customer database.
Parliament last week increased the maximum penalties for serious or repeated privacy breaches, from $2.22m to whichever is the greater of $50m; three times the value of any benefit obtained; or 30 per cent of a company’s adjusted turnover in the period.