Hacking turn for worse
‘Distressing development’ in Medibank saga
MEDIBANK has confirmed a new “distressing development” in the company’s cybercrime attack, with the health insurance giant confirming that data from its main brand was compromised alongside that of ahm and international students.
The insurance provider said on Tuesday it had deferred premium increases in a move estimated to cost the company north of $50m.
The stolen data includes customers’ names, addresses, contact information, claims information and birth dates.
“This is a distressing development and Medibank unreservedly apologises to our customers,” the company said in a statement.
“As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.
“Given the distress this crime is causing our customers we will also defer premium increases for Medibank and ahm customers until 16 January 2023.”
Medibank said that because of the complexity of the data it had received, it was too early to know the full extent of the customer data that had been stolen. The company has nearly 4 million customers nationally.
Medibank, which is Australia’s largest private health insurance provider, said it had received a file of 1000 further policy records from the hacker, including personal and health claims data. Last week it received a file containing 100 ahm policy records.
It also flagged an announcement later on Tuesday for a comprehensive customer support package, which will include 24/7 mental health and wellbeing support; support for customers who are in uniquely vulnerable positions; and access to specialist identity protection advice with IDCARE for all customers.
“I unreservedly apologise to our customers who have been the victims of this serious crime,” chief executive David Koczkar said.
“As we continue to uncover the breadth and gravity of this crime, we recognise that these developments will be distressing for our customers, our people and the community – as it is to me.
“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community.
“We continue to work closely with the agencies of the federal government, including the ongoing criminal investigation into this matter. We thank them for their ongoing support and assistance.”
As reported on Monday, the criminal behind the Medibank data hack bought login credentials to gain access to the network from an online Russian criminal forum and did extensive reconnaissance before collecting the data, which experts estimate would have lasted months.
Medibank last week revealed it had up to 200 gigabytes of data stolen from its servers, including customers’ intimate health information and even the location of treatments.
Home Affairs Minister Clare O‘neil said the latest Medibank development was “deeply concerning” and she had been in contact with Medibank and top security agencies from the very beginning.
“The Australian government recognises that this incident is very stressful for affected Australians,” she said.