AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Highlights
- Medibank today (7 November) released an update on what customer information has been accessed by the hacker following last month’s data breach.
- About 9.7 million customers’ data has been accessed by the hacker.
- The Australian insurer has decided not to pay any ransom for the stolen data.
The Australian health insurance company, Medibank Private Limited (ASX:MPL), today (7 November) released an update concerning the cyberattack that occurred on 13 October 2022. Medibank has opted not to pay the demanded ransom for the data breach because it fears that doing so could encourage the hacker to directly extort Medibank's customers.
Following the update, the shares of Medibank were trading 2.836% strong at AU$2.90 on the ASX at 11:41 AM AEDT today (7 November).
When the company revealed on 13 October that possible customer data theft had occurred, its shares were placed on trading halt for two days. On 25 October, after Medibank acknowledged that the hacker had stolen medical-related data of ahm (Australian Health Management Group Ltd), Medibank, and international student customers, the shares resumed trading on 26 October. The share price of Medibank decreased by 18.1% on 26 October after this data theft confirmation.
A glance at the recent cybercrime attack on Medibank
As per the ASX announcement, based on Australian Federal Police’s investigation to date, the hacker may have:
- Accessed data of about 9.7 million active and non-active customers and some of their authorised representatives, including name, birthdate, address, phone number, and email address.
- This number includes around 5.1 million Medibank customers, approximately 2.8 million ahm consumers, and about 1.8 million international student customers.
- Not accessed Medibank and ahm resident clients' primary identification documents, such as drivers' licences.
- Accessed Medicare numbers for ahm customers and passport numbers and visa details for international customers. Both numbers are without the expiry dates.
- Accessed health claims data for over 160,000 Medibank clients, about 300,000 ahm clients, and about 20,000 international clients.
- This information comprises the name and location of the service provider, the setting where patients got specific medical services, and the diagnosis and procedure codes used.
- Accessed personal and health claims data of around 5,200 My Home Hospital (MHH) patients and contact information of about 2,900 of their next of kin.
- Accessed names, phone numbers, and addresses of health providers.
- Not accessed health claims data for services like dental, physio, optical, and psychology.
- Not accessed banking or credit card details.
Talking about this update, David Koczkar, CEO, Medibank, said:
Image Source: © 2022 Kalkine Media ®
Data Source- Company announcement dated 7 November 2022
What steps is Medibank taking to combat this cybercrime?
To protect its customers from the effects of this cyberattack, Medibank is taking the following actions:
- The insurer has advised its customers to stay vigilant as the hacker may attempt to contact them directly or publish their stolen data online.
- Medibank has commissioned an external review to better understand this crime and take precautionary steps to safeguard its clients.
- The company will continue working with the Australian Cyber Security and the Australian Federal Police for further investigation.
- Medibank has made preventing more unauthorised access to its IT network a top priority, along with keeping an eye out for any unusual activities.
