According to a news report by Gizmodo AU, the information that Medibank experienced a cyber problem was made public. It turned out to be worse than Medibank initially believed, and the cyberattack is making it possible for the company to become the next victim of an Australian data breach.

On October 12, the private health insurance informed shareholders that it had suffered a “cyber incident.” It said that in reaction to the problem, the organisation hired specialised cybersecurity companies and moved quickly to contain it. 

At the time, Medibank asserted that there was no proof that the cyberattack had gained access to any sensitive data, including client information.

On October 17, it maintained that there was still no proof that client data had been taken from its IT infrastructure despite ongoing investigations. According to Medibank, it has strengthened the integrity of its systems by deploying new security measures throughout its network. Additionally, the company stated that although the ransomware threat had been neutralised, it was “remaining vigilant” and “will take necessary steps in the future to protect its operations and its customers’ data.” Ransomware is therefore implicated (not something disclosed at first).

But things got complicated from Wednesday, October 19th.

Medibank claimed it had communications from a group that “wishes to negotiate with the company regarding their alleged removal of customer data” in a statement released via the ASX. In this discussion, the hackers are threatening to divulge the personal medical data of well-known Australians unless a ransom is paid.

“This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority. Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time,” the announcement disclosed. 

According to Medibank, the culprit claims to have stolen data. Names, addresses, dates of birth, Medicare numbers, insurance policy numbers, phone numbers, and claim data, such as the place where a patient obtained medical services and codes pertaining to their diagnoses and procedures, are included in this information.

The perpetrator claims to have obtained other information such as credit card security. However, this has yet to be verified by Medibank. 

While Medibank has stated that there is nothing clients need to do, you may contact them if you are worried or need to do something with Medibank by phoning 13 23 31 or visiting this webpage for the updates.

Inline Feedbacks
View all comments

In recent years, Austrlian governments have increased the data that must be retained by organisations well beyond that which is strictly necessary, while not requiring anything meaningful about cyber security. These breaches are only going to continue to occur with ever increasing numbers of Australians suffering identity theft as a result.


And what about the breach with Energy Australia. We aren’t hearing a lot about that one.