In November 2022, major Australian health insurer, Medibank, reported a cyber-attack in which a ransomware group gained access to the data of millions of customers by using the stolen credentials of a user with high privileges. The Medibank data breach has affected more than 4 million people, whose personal identification details and medical histories were exposed.

This series of articles, published in the weeks following the attack, examines how Medibank and its customer responded to the crisis; the impact on Medibank’s bottom line; and the response from the Australian government.

• Health insurer Medibank Private hit by a cyber attack
• Medibank reports a significant cyber security incident
• What we know about the Medibank hack, and what should customers do?
• ‘Display accountability’: Customers vent fury as Medibank suffers $1.7b hit
• Medibank says all customers’ personal data compromised by cyber attack
• Medibank customer data hack could cost up to $150m, according to experts
• Could the Medibank share price be in for way more pain?
• Ransom warning for exposed Medibank customers as insurer reveals grim hack details
• What happens if Medibank hackers release the data
• O’Neil details measures to mitigate Medibank breach harms

Health insurer Medibank Private hit by a cyber attack

Health insurer Medibank Private says it has been hit by a cyber attack. 

The company said “unusual activity” had been detected on its network on Wednesday, but there was no evidence sensitive data, including customer information, had been accessed.

Some customer-facing systems have been taken down which will cause “regrettable disruptions” to some customers, but health services will still be available, Medibank said.

It is the latest cyber attack after the Optus breach last month, which affected millions of customers.

Read more: ABC News, 13 October, 2022

Medibank reports a significant cyber security incident

Medibank, which covers 3.7 million people as of 2021, reported unusual activity on its network on 13 October and immediately engaged a specialised cyber security firm, as well as an investigation into whether any sensitive data, such as customer records, had been illegitimately accessed.

The company also took down access to customer systems in an effort to isolate the incident and reduce the chances of system damage and data loss.

Medibank went on to provide regular, detailed updates on the incident via its website, and on 14 October, announced having already sent around 3.7 million informational emails to current and former customers of Medibank and ahm health insurance – the private health insurance company which operates as a member of the Medibank group.

Read more: Information Age, 17 October 2022

What we know about the Medibank hack, and what should customers do?

The exact number of people who have had data stolen is not known, but Medibank confirmed that details of 100 policyholders sent to it by the hackers match its records. The customer details are believed to come from ahm and its international student policyholders. These students are required to have private health insurance when they study here. It is not known if customers of its core Medibank brand are also affected.

Medibank has a total customer base of close to 4 million customers.

Medibank on Thursday confirmed it had received a sample of data on 100 customers from the hackers, which it said was authentic, and warned that it expects the number of affected customers to grow substantially in coming days.

Read more: The Sydney Morning Herald, 20 October 2022 (paywall)

‘Display accountability’: Customers vent fury as Medibank suffers $1.7b hit

Medibank Private chief executive David Koczkar has defended the company’s handling of a damaging cyberattack amid growing fury from customers and investors over the spiralling data breach that has now affected more than 4 million Australians.

Shares in the nation’s largest private health insurer tumbled 18 per cent on Wednesday, the first day of trading in almost a week, erasing about $1.7 billion from its market value. The decline came after the company confirmed that hackers accessed personal information on all 4 million of its customers and an unknown number of former members, in another escalation of the incident.

Read more: Brisbane Times, 26 October, 2022

Medibank says all customers’ personal data compromised by cyber attack

Medibank has confirmed the criminal entity behind the cyber attack on the company had access to the data of at least 4 million customers, some of which includes health claims.

…

In a statement, the company said its investigation had established all Medibank, ahm and international student customers’ personal data had been accessed in the cyber attack.

Significant amounts of health-claims data were also accessed.

But Medibank is yet to determine whether that means the data has been actually stolen.

Read more: ABC News, 26 October, 2022

Medibank customer data hack could cost up to $150m, according to experts

Medibank is going to foot a hefty bill as remedy needs, class actions and ransom demands spiral out of control following the breach of its customer data…

It’s the latest piece of bad news for Medibank following the hack of its customer data, which has seen the ASX-listed company pause trading for a week and then dive to a 17-month low of $2.95 when it reopened on Wednesday morning...

The scandal now threatens to eclipse the recent Optus breach, with 3.9 million customers potentially affected at Medibank.

Read more: News.com.au, 28 October, 2022

Could the Medibank share price be in for way more pain?

The Medibank Private Ltd (ASX: MPL) share price has tumbled nearly 21% since the company revealed what initially looked to be a relatively benign “cyber incident”.

The known scope of the ‘incident’ has since multiplied. The private health insurer admitted a hacker accessed the personal data – including certain medical information – of all its customers last week.

The Medibank share price plummeted 18% on Wednesday after the company warned the attack could bring a $25 million to $35 million dint to its bottom line.

However, experts are sceptical that the S&P/ASX 200 Index (ASX: XJO) financial stock’s pain will end there.

The Medibank share price currently stands at $2.79.

Read more: The Motley Fool, 31 October, 2022

Ransom warning for exposed Medibank customers as insurer reveals grim hack details

Australians are being warned to brace for personal ransom emails and texts after private health insurer Medibank revealed almost 10 million of its customers have had their information stolen...

Additionally, about 9.7 million Medibank and AHM insurance and international customers have had their names, birthdays, addresses, phone numbers and emails taken by an unidentified ransom group.

And now cyber security experts are warning the hackers may begin trying to individually ransom this information to victims after Medibank confirmed it would not pony up to retrieve the data.

Read more: The Daily News, 7 November, 2022

What happens if Medibank hackers release the data

… In a statement, Medibank said it had received extensive advice from experts that paying the ransom probably wouldn’t protect its customers. The criminals could easily still sell the data, or use it to extort Medibank customers directly. Paying could also have the effect of encouraging more attacks generally, as the attackers would gain more resources, and other groups could be motivated to attack Australian businesses…

Details like Medicare and passport numbers can be changed, which would render the attackers’ data useless. Changing phone numbers and email addresses is more of a burden, and things like birthdates are obviously fixed, so the best protection there is vigilance in clicking on anything received via SMS or email, and making sure online accounts are secured with unique passwords and two-factor authentication. It’s important to note that once data like this is dumped online it tends to stick around for a long time. Customers are not only at short-term risk of receiving a higher number of phishing emails, but the data could be combined with other details long into the future to craft new attacks. The health data is the most problematic, as attackers could conceivably use it to extort or harass victims for years, as we’ve seen with previous sensitive data leaks such as the Ashley Maddison hack.

Read more: The Sydney Morning Herald via MSN, 8 November, 2022

O’Neil details measures to mitigate Medibank breach harms

The federal government has engaged social media companies and placed protections on government data as part of initial measures designed to respond to the release of stolen Medibank customer data...
The Australian Federal Police has expanded Operation Guardian, initially launched for the Optus data breach, to protect Medibank customers in light of the development.

Following a National Coordination Mechanism (NCM) meeting on Wednesday morning, also attended by Health minister Mark Butler, Ms O’Neil told question time in Parliament that the eSafety Commissioner is an active part of the NCM.

Read more: Innovation Aus, 9 November, 2022