NewsBite

Updated

Health giant Medibank confirms major data breach

Hackers are holding the private health information of Australians to ransom following a data breach at one of the country’s largest insurance providers.

Medibank hit by data breach as hackers threaten ransom

Health insurance giant Medibank has confirmed its customers’ data appears to have been hacked by criminals in a major cyber security breach last week.

While initially playing down the impact of the attack, on Wednesday the company confirmed it had been contacted by the criminals who claim to have stolen 200GB of data.

“The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems,” the company said in a statement.

Data accessed by the criminals includes first and last names, phone numbers, addresses, dates of birth, Medicare numbers, policy numbers and claims data.

Insurance claim data includes sensitive medical information relating to conditions and procedures as well the location of where a customer received medical services.

The criminal also claims to have stolen other information, including data related to credit card security, which has not yet been verified by Medibank, the company said.

Medibank said it was in the process of notifying individual customers if their information had been affected and informing them of what steps to take.

Health giant Medibank has confirmed its customer data was breached by criminals. Picture: NCA NewsWire / Paul Jeffers
Health giant Medibank has confirmed its customer data was breached by criminals. Picture: NCA NewsWire / Paul Jeffers

Home Affairs Minister Clare O’Neil called the targeting of health related information a “dog act”.

“Financial crime is a terrible thing but ultimately a credit card can be replaced,” she said.

“The threat that is being made here to make the private personal health information of Australians made available to the public is a dog act.

“That is why the toughest and smartest people in the Australian Government are working directly with Medibank to try to ensure that this horrendous criminal act does not turn into what could be irreparable harm to some Australian citizens.”

The breach is being investigated by the Australian Federal Police with officers placed within Medibank to help minimise the fallout from the breach.

Medibank chief executive David Koczkar apologised for the breach. Picture: NCA NewsWire / Nicki Connolly
Medibank chief executive David Koczkar apologised for the breach. Picture: NCA NewsWire / Nicki Connolly

Ms O’Neil said Medibank initially “assured” the government no customer data had been affected by last week’s breach and that the malicious actors had been removed.

It was subsequently revealed the criminals had made contact with the company and were claiming to have accessed significant amounts of data and were demanding to enter into negotiations.

The data was effectively being held for ransom, Ms O’Neil said.

Medibank said the number of affected customers is expected to grow as the incident continues to unfold.

“I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and the broader community,” Medibank chief executive David Koczkar said.

“I know that many will be disappointed with Medibank and I acknowledge that disappointment.”

Original URL: https://www.news.com.au/technology/online/hacking/health-giant-medibank-confirms-major-data-breach/news-story/35525b57e271aabd74238b99a6d524d3