This was published 2 years ago
What we know about Medibank hack, and what should customers do?
By Colin Kruger and Nick Bonyhady
What has happened?
Medibank Private detected a cyberattack on its systems last Wednesday. It has since confirmed hackers have at least accessed data on the systems of its budget arm, ahm, and international student division, which together have about 1 million customers. The data includes names, addresses, birthdates, Medicare numbers, contact information and claims data from the private health insurer.
The exact number of people who have had data stolen is not known, but Medibank confirmed that details of 100 policyholders sent to it by the hackers match its records. The customer details are believed to come from ahm and its international student policyholders. These students are required to have private health insurance when they study here. It is not known whether customers of its core Medibank brand are also affected.
The Sydney Morning Herald and The Age first revealed the hackers’ threat, in which the unknown group said they would sell 200 gigabytes of stolen data unless Medibank paid a ransom. The hackers also threatened to first target 1000 high-profile Australians with their own data as a warning.
Medibank has a total customer base of close to 4 million.
What did it initially do?
Medibank said on Wednesday last week that it had taken immediate steps to contain the incident, such as taking its ahm and international student policy management systems offline. It said at the time there was no evidence of customer data being accessed. On Monday this week, it maintained there was no evidence customer data had been taken but added that investigations were ongoing.
On Wednesday, Medibank confirmed it had received a ransom note from an unidentified group which said it had gained customer data. The private health insurer said at the time it was working to establish whether the claim was true.
Medibank on Thursday confirmed it had received a sample of data on 100 customers from the hackers, which it said was authentic, and warned that it expects the number of affected customers to grow substantially in coming days.
How does this compare to the Optus hack?
It is not clear yet because we don’t know enough about the nature of the respective hacks, but the data that appears to have been stolen here is much more sensitive. It could include data that would let a criminal tell that someone had received treatment for a substance addiction, for example. Home Affairs Minister Clare O’Neil has branded threats to make that information public a “dog act”.
The maximum size of this hack also appears to be smaller than the Optus hack, because Medibank counts about 4 million customers while Optus has about 10 million. However, past customer numbers are an unknown element.
What is Medibank doing about it?
Medibank chief executive David Koczkar has offered his unreserved apologies for “this crime which has been perpetrated against our customers, our people, and the broader community.” The company has sent several emails to customers and will provide further information to those in the sample data sent by the hackers.
It has set up dedicated hotlines to respond.
Australia’s cybersecurity agency, the Australian Signals Directorate, is assisting Medibank, as are private cybersecurity companies including CyberCX. The Australian Cyber Security Centre, a government agency that works with the nation’s top online spies, is also assisting. The Australian Federal Police have launched a criminal investigation. Government staff are embedding with Medibank to assist with the response.
Should Medibank customers change their Medicare numbers?
Medibank said the data from the 100 people sent by the hackers includes Medicare numbers. It is working with Services Australia to provide advice on how to protect their Medicare numbers. The hackers have also claimed they have stolen credit card information, but that has not been verified.
What should customers do?
Be wary. Keep an eye out for offers, customer support calls or even scam warnings that ask for approvals or passwords. Even if these use your real name or phone number and appear to come from a company that isn’t Medibank, they could be exploiting data from the hack. Verify any communications by independently contacting the company that appears to have sent them. Never click on suspicious links. Do not give out passwords.
Ahm can be contacted on 13 42 46 and Medibank’s number for hack inquiries is 13 23 31. Cybercrime can be reported to the government here.
I haven’t been contacted by Medibank, but I am a customer. Does that mean I haven’t been affected?
No. Medibank is currently contacting the 100 people whose information was sent to it by the hackers. Medibank said it expects the list of affected customers to grow and will contact these people at that time.
I’m not a Medibank customer now, but I was in the past. Am I safe?
Medibank has not determined yet whether past customers are also affected by the hack, but it is possible, and some former customers have received emails from Medibank alerting them to the breach.
Has the stolen information been published anywhere?
Not that we know of. The hackers have threatened to contact customers directly, but this does not seem to have happened yet. It is common in situations like this for companies to receive a ransom demand before information is published.
Where is the hacker from?
There has been no information to indicate where the hackers are based, whether they are one person or many or whether they are state-linked.