NewsBite

Advertisement

This was published 8 months ago

Compensation for Medibank hack victims could be fast-tracked

By Colin Kruger

The privacy watchdog is now proceeding with a representative complaint filed on behalf of millions of Medibank cyberattack victims, which could fast-track compensation claims.

In February, Medibank lost an application in the Federal Court to stop the Office of the Australian Information Commissioner (OAIC) from proceeding to investigate the complaint and has now confirmed it did not appeal the decision.

Medibank is Australia’s largest private health insurer.

Medibank is Australia’s largest private health insurer.Credit: Steven Siewert

When launching the legal action last year, Medibank argued that an injunction would prevent multiple overlapping proceedings from taking place – a reference to the class action in the Federal Court, which is also seeking compensation for victims.

Charles Bannister, who is running the OAIC complaint along with Maurice Blackburn, says the representative complaint is a far better option for victims, given that the class action could take years and litigation funders get a significant slice of the payout.

“We have no funder taking a slice, and we are cheaper, better and quicker,” he said. Bannister said it is possible that the OAIC will finalise its investigation this year.

“The investigation of the commissioner appears to be well progressed,” he said.

The representative complaint could use the Privacy Act to get compensation for these victims if an OAIC investigation finds Medibank’s cyberprotection was inadequate.

A crucial point aiding the representative complaint is that the Medibank application did not seek to prevent the commission – headed by commissioner Angelene Falk – from continuing its own investigation into the hack. The OAIC’s ongoing investigation is to determine whether the company should face multimillion-dollar fines for inadequate cyber preparation.

Advertisement

The same investigation can be used to inform whether victims registered under the representative complaint can get compensation.

The OAIC declined to comment on the progress of its investigation into the Medibank cyber breach.

Loading

In October 2022, criminals accessed basic account details of 9.7 million current and former Medibank customers, as well as the health claim data for about 160,000 Medibank customers, 300,000 customers of its budget arm, ahm, and 20,000 international customers. It was one of the worst cyber breaches ever reported.

Under the Privacy Act, if the commissioner decides that compensation should be awarded, it can specifically compensate people for humiliation and distress.

This would be much harder under a class action, which deals more with economic loss. A claimant who had intensely private medical information released may not be eligible for compensation.

In a recent case, the OAIC published a table with compensation bands for different levels of privacy breaches. At the highest band – extreme loss or damage resulting from the data breach – compensation ranges from $20,000 to $50,000.

Bannister says they have surveyed more than 20,000 people who registered for the representative complaint about the level of impact. More than 80 per cent reported symptoms of low to moderate anxiousness and distress. About 15 per cent reported symptoms of significant anxiety, hurt and fear. This included victims who reported that the privacy breach either exacerbated or led to the development of mental health conditions.

About 1 per cent reported extreme levels of hurt and distress. Bannister says this should be a fair representation of the 10 million Medibank customers affected by the hack. “This cross-section appears accurate to me in terms of severity,” he said.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

Loading

Original URL: https://www.brisbanetimes.com.au/business/companies/compensation-for-medibank-hack-victims-could-be-fast-tracked-20240405-p5fhrl.html