Names, addresses and reasons for admission are said to be among the records stolen since January 2021 under the SA Health’s My Home Hospital project.

Wellbeing SA chief executive Lyn Dean told ABC Radio parts of the Medicare numbers could be leaked, but “not the whole lot”.

Ms Dean passed the blame onto Medibank on Friday morning, but said there is a hardship package available for anyone involved in the data leak.

The package would provide financial support, access to mental health services, special identity protection, free identifying monitoring services and reimbursement of fees for identity documents.

After The Advertiser began inquiries on Monday Medibank confirmed more than 4400 South Australians, some who may not be Medibank clients, face having deeply personal medical records made public.

The cyber ransom scandal has hit almost four million Medibank customers, causing its share price to plummet by $1.7bn.

Medibank released a statement to The Advertiser saying: “It has become clear overnight that the criminal has accessed patient information relating to My Home Hospital.

“My Home Hospital is a service delivered by a joint venture between Calvary and Medibank on behalf of Wellbeing SA and the South Australian Government.

“The data accessed includes personal information and some health data.”

Medibank has begun directly contacting affected patients and say any patients admitted to My Home Hospital on or after 13 October 2022 have not been affected.

“While Medibank has not yet determined if the data has been illegally taken from our system, we know it has been accessed,” a spokeswoman said.

“We unreservedly apologise to our patients who have been the victims of this very serious crime. We appreciate this will be distressing for patients.

“This cybercrime event is subject to a criminal investigation by the Australian Federal Police and the Federal Government has activated the National Coordination Mechanism to bring together agencies across the Federal Government, states and territories.”

Medibank has established a dedicated phone support service for My Home Hospital patients on 1800 081 245.

The My Home Hospital project is administered by Medibank and Calvary for SA Health patients well enough to receive hospital care in their own home.

SA Health says “only the conditions relevant to the referral to My Home Hospital would be included in the health data that had been accessed as part of the wider Medibank information breach.”.

A statement from Lyn Dean, Chief Executive of Wellbeing SA said: “Wellbeing SA was informed by Medibank that the personal information and health data of approximately 4400 My Home Hospital patients had been accessed as part of the wider Medibank information breach.

“We have been working with Medibank since the original Medibank data breach was discovered. Up until yesterday we were told that there was no identified impact to our patients, however this information was revised late last night.

“All of the patients impacted by the data breach are being contacted by Medibank to inform them of the situation and what actions they can take.

“My Home Hospital patients who accessed the service for the first time on or after 13 October are not impacted by the breach.

“My Home Hospital patients are the only SA Health patients aligned with Medibank and therefore the only ones who could have been affected.

“We understand this incident is distressing for our patients, and encourage anyone who has concerns about the breach to contact Medibank.”

Health Minister Chris Picton blamed the previous government for establishing My Home Hospital, saying: “We will now examine the terms of the contract signed by the former Liberal Government as to whether it has been complied with and whether the outsourcing contract contained sufficient protections.”

More Coverage

Medibank hack deepens with millions under threat

JARED LYNCH

I’m a Medibank customer: What should I do now?

David Swan